Hello Noel,

First, many thanks for your engagement, which I believe allowed us to have
the amazing piece of software we have today.

Apparently James 2.3 fails to talk SMTP with a modern Zimbra server,
expects a 'dot' terminated stream. This 'bug' does not occur on modern
James versions.

Do we also maintain Apache Excalibur [1]? Retired in 2010... As far as
I get it, James 2.x actively relies on it.

[1] https://excalibur.apache.org/

That is one of many dependencies; to be fairly honest, I would not be
surprised if a careful dependency audit found hundreds of CVEs. Not to
mention the use of outdated Java versions. Given the effort, do we, as a
community, want to engage with serious maintenance of Apache James 2.3.x?
I have not seen security updates for years.

Also, new upcoming users are not fully aware of the state of that
application, and might mistakenly believe they would get Apache grade
quality (security, backed by an active community, etc.).

In my opinion, we should at the very least stop advertising that
version. That means:

 - Archive related downloads
 - Remove references from the website

That is our responsibility.

Stating clearly as a community that we no longer assume maintaining it would be
better to me.

Best regards,

Benoit

On 23/07/2021 23:10, Noel J. Bergman wrote:
> I still use James v2 in production.  I could be convinced to move forward 
> (migration of config is a concern), but I still do run it, and would be able 
> to fix any bugs, given the amount of code in there that was written by me.
>
> Are there any particular defects that need to be addressed?  I agree that it 
> should be viewed as maintenance only, with no new development.
>
> Oh, and hi!  😊
>
>       --- Noel
>
> -----Original Message-----
> From: btell...@apache.org <btell...@apache.org> 
> Sent: Friday, July 23, 2021 5:18
> To: server-dev@james.apache.org
> Subject: End of support for Apache James 2.3.2 ?
>
> Hello,
>
> Following recent discussions on gitter, issues are reported on Apache James 
> version 2.3.2.
>
> This version is not under active development (released in 2013 with a 
> security fix in 2015 version 2.3.2.1).
>
> No active development had been undertaken recently.
>
> The source code is not available on Git / Github.
>
> I fear no real active committer is able to fix issues on it.
>
> It uses Avalon Phoenix retired in 2004 (yes...).
>
> For archeologists, sources can be found at 
> http://svn.apache.org/repos/asf/james/server/tags/2_3_2_1/
>
> As such I propose to:
>
>  - Make it clear with a formal vote we can refer to that the Apache James PMC 
> no longer supports Apache James vers 2.x.
>  - Archive related downloads
>  - Remove references from the website
>  - Write a little email to the Apache announce mailing list, general@james, 
> server-user@james.
>
> Thoughts?
>
> Regards,
>
> Benoit TELLIER
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
> For additional commands, e-mail: server-dev-h...@james.apache.org