[
https://issues.apache.org/jira/browse/QPID-8579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17519496#comment-17519496
]
PJ Fanning commented on QPID-8579:
----------------------------------
[~rgodfrey] would it be possible to update docs to say the component is no
longer supported? Retiring projects is fine, it's just that we should make sure
it is announced.
Page like:
* [https://qpid.apache.org/components/jms/amqp-0-x.html]
* [https://github.com/apache/qpid-jms-amqp-0-x/blob/main/README.txt]
> [AMQP-J] main branch uses many insecure libs
> --------------------------------------------
>
> Key: QPID-8579
> URL: https://issues.apache.org/jira/browse/QPID-8579
> Project: Qpid
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> ```
> <logback-version>1.2.3</logback-version>
> <guava-version>27.0-jre</guava-version>
> <fasterxml-jackson-version>2.10.4</fasterxml-jackson-version>
> <httpclient-version>4.5.3</httpclient-version>
> ```
> All of these have open CVEs
> https://github.com/apache/qpid-jms-amqp-0-x/blob/main/pom.xml
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
