Nice catch, +1!


On 19/07/2021 15:30, Jean Helou wrote:
I think this is an excellent idea ! +1

thank you benoit !

On Mon, Jul 19, 2021 at 10:16 AM <>

Hello all,

While fixing our download pages following some infra bot complains, I
ended up fixing the downloads for Apache James Hupa.

  - The latest release (0.3.0) dates from 2012 which is an eternity in
  - The latest tag on Github is 0.0.3
  - The pom references 0.0.5-SNAPSHOT suggesting that 0.0.4 release is
lost :-(
  - This repository is crippled by multiple CVEs (quick dependabot review):
       - CVE-2021-29425 (commons-io)
       - GHSA-m6cp-vxjx-65j6 CVE-2017-7656 CVE-2015-2080 CVE-2017-7657
CVE-2019-10241 CVE-2019-10247 (Jetty server)
       - CVE-2020-9447 (gwtupload)
       - GHSA-g3wg-6mcf-8jj6 (jetty-webapp)
       - CVE-2019-17571 (log4j)
       - CVE-2016-1000031 CVE-2016-3092 (commons-fileupload)
  - Sporadic activity since 2012
  - Zero to no exchanges for several years on the mailing lists.

 From the Readme:

Hupa is able to discover most of the imap/smtp configuration based on
the email domain part. When you are prompted to login, type your email
address and wait few seconds, if you click on the gear button you can
see the configuration discovered by Hupa, you can modify it if it does
not match your email provider configuration. Then type your inbox
password and you will be logged into your email provider servers.

Hupa is compatible with most email providers, gmail, yahoo, hotmail,
outlook, exchange, james, etc.

I fail to see the value added compared to other webmails like roundcube,
rainloops to quote a few...

As such, given that alternatives exists, given that the project is
likely not mature, unmaintained and unsecure, I propose to retire this
Apache James subproject.

I will do research on procedures and best practices to do so. I guess a
formal vote would be necessary. Likely contact Apache Labs were the
project originated from in 2009...

Best regards,


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to