This is an automated email from the ASF dual-hosted git repository.
cshannon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/main by this push:
new 3013a3ab3 AMQ-9388 - Exclude activemq-client-jakarta from
camel-activemq
new cbe7c6a83 Merge pull request #1117 from cshannon/AMQ-9388
3013a3ab3 is described below
commit 3013a3ab35a249b46ed6706d66a35f328ede1885
Author: Christopher L. Shannon (cshannon) <[email protected]>
AuthorDate: Mon Nov 13 17:43:24 2023 -0500
AMQ-9388 - Exclude activemq-client-jakarta from camel-activemq
The current version of camel pulls in the activemq-client-jakarta jar
which is not necessary as it no longer exists with ActiveMQ 6.0.0
Furthermore the version being pulled in is 5.18.2 which contains a
critical CVE that was fixed in 5.18.3
---
assembly/pom.xml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/assembly/pom.xml b/assembly/pom.xml
index c1b7ca3ae..5743c22bc 100644
--- a/assembly/pom.xml
+++ b/assembly/pom.xml
@@ -165,6 +165,15 @@
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-activemq</artifactId>
+ <exclusions>
+ <!-- Current version of Camel has a dependency on the removed
+ activemq-client-jakarta module. This exclusion can eventually be
removed
+ when we upgrade to a version of camel-activemq that depends on 6.x -->
+ <exclusion>
+ <groupId>org.apache.activemq</groupId>
+ <artifactId>activemq-client-jakarta</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
