Hi All, To make it clearer that these dependencies are not shipped with our product and are optional dependencies I have made a ticket [1] and have marked the dependencies as provided. This way they will also be excluded when creating a WAR or fat jar.
Cheers, Hans [1] https://github.com/apache/hop/issues/6159 On 9 Dec 2025 at 20:39 +0100, Bart Maertens <[email protected]>, wrote: > Hi Sree, > > You're absolutely right, Apache Hop (like all other projects at the ASF) > can't include (L)GPL licensed dependencies. > These Stanford NLP dependencies are not included in the Apache Hop client > distribution, but users can add them to their installation. This is also > clearly stated in the documentation[1]. > > [1] https://hop.apache.org//manual/latest/pipeline/transforms/stanfordnlp.html > > Hope this helps. > > Bart > > On Tue, Dec 9, 2025 at 8:28 PM Sree Menon <[email protected]> wrote: > > Hi Folks, > > > > I am evaluating the use of Apache Hop as an ETL engine in our backend. We > > are a commercial SaaS software provider, Obviously the fact that Hop is > > licensed under Apache 2.0 is comforting. We did a SBOM scan and a license > > scan and find that there are the following components: > > Stanford-corenlp-4.5.7-models.jar and Stanford-corenlp-4.5.7.jar in the hop > > install are GPL 3.0 licensed. This is of great concern as this is a viral > > license, i.e. It turns software using, linking these components also into > > GPL 3.0 licensed. What are the thoughts of the community on this ? > > > > Thanks, > > Sree > > > >
