Hi there,
I think the method
org.apache.axis2.wsdl.codegen.extension.JAXBRIExtension.getNamespaceAwareDocumentBuilder()
may
have an XXE vulnerability which is vulnerable in the newest version of
org.apache.axis2:axis2. It shares similarities to a recent CVE disclosure
*CVE-2021-4295* in the *"
Hi
I am using Axis2-transport-http maven dependency in my project. I am
updating project to java 17. Is axis2 support java 17?
Thanks
Vignesh
At my day job, all of our projects use JDK 17 and I expect that you will
have no issues.
On Thu, Aug 17, 2023, 18:39 Vignesh Ragavan
wrote:
> Hi
>
> I am using Axis2-transport-http maven dependency in my project. I am
> updating project to java 17. Is axis2 support java 17?
>
> Thanks
> Vignesh
Axis2-transport-http uses javax.servlet and java 17 support jakarta. How to
resolve this issue?
On Thu, 17 Aug, 2023, 5:30 pm robertlazarski,
wrote:
> At my day job, all of our projects use JDK 17 and I expect that you will
> have no issues.
>
> On Thu, Aug 17, 2023, 18:39 Vignesh Ragavan
> wro
Hi
Axis2-transport-http uses javax.servlet and java 17 support jakarta. We are
using axisservlet class which is not jakarta type. How to resolve
this issue?
Regards
Vignesh
On Thu, 17 Aug, 2023, 5:41 pm Vignesh Ragavan,
wrote:
> Axis2-transport-http uses javax.servlet and java 17 support jakar
Yiheng Cao created AXIS2-6060:
-
Summary: [Axis2]Security Vulnerability - Action Required: XXE
vulnerability in the newest version of org.apache.axis2:axis2
Key: AXIS2-6060
URL: https://issues.apache.org/jira/browse/AX
The javax vs jakarta issue is with open source libs and not the JDK. All
those libs - in general - were moved out of the JDK.
There is a lot of discussion about this in our Jira issues and the next
Axis2 release along with the next Axiom release will have progress on that
question,
On Thu, Aug 17
Thanks for the update.
Can't we use axis2 with java 17 and spring 6 version for now?
On Thu, 17 Aug, 2023, 6:35 pm robertlazarski,
wrote:
> The javax vs jakarta issue is with open source libs and not the JDK. All
> those libs - in general - were moved out of the JDK.
>
> There is a lot of disc
I use JDK and Spring 5 so I see no reason why not.
Spring 6 is pretty new and I haven't got to that yet.
This is open source, so if you have concerns how about cloning the Axis2
git repo with a compile and letting us know? Asking questions will only get
you so far. Helping us out here is the quic
