LeoKeogh commented on issue #659: URL: https://github.com/apache/camel-karaf/issues/659#issuecomment-4031217615
Hi @jbonofre, thanks a lot for patching this issue! Just a quick question: is there a reason why CXF is bundled in camel-karaf and not just a dependency provided by the project that imports it? If this were possible, it would reduce the number of future patches since CXF seems fairly vulnerability prone. I found [this](https://issues.apache.org/jira/browse/KARAF-8007) on the previous issue dashboad: "CXF is used only for example/test, so Karaf IS NOT IMPACTED by CXF vulnerability" Thanks again for your help. Leo. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
