Christopher L. Shannon created AMQ-9388:
-------------------------------------------

             Summary: camel-activemq transitively pulls in activemq-client-jakarta
                 Key: AMQ-9388
                 URL: https://issues.apache.org/jira/browse/AMQ-9388
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
            Reporter: Christopher L. Shannon
            Assignee: Christopher L. Shannon
             Fix For: 6.0.0


While reviewing the 6.0.0 release I noticed that the newly added camel-activemq 
module pulls in activemq-client-jakarta as a transitive dependency. This makes 
sense since the version used is based on ActiveMQ 5.18.2 as 6.0.0 isn't 
released yet.

We need to exclude this because, with version 6.0.0, this module no longer 
exists and so is not needed, and secondly the 5.18.2 version has a CVE against 
it. The dependency in the current release is not included in the tar 
distribution, but since it is transitively being pulled in with Maven, if 
someone has a dependency on the apache-activemq pom they will have the jar 
pulled into their build.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
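
A check for the situation described in the report, as an added example that is not part of the original message or the ActiveMQ project: it walks `mvn dependency:tree` text output and returns every chain that brings in a named artifact. The sample tree, its group ids, the consumer project and the CAMEL-VERSION placeholder are constructed for illustration.

```python
import re

# Constructed sample of `mvn dependency:tree` text output. The group ids, the
# consumer project and CAMEL-VERSION are placeholders, not taken from the report.
SAMPLE_TREE = r"""
[INFO] org.example:consumer-app:jar:1.0.0
[INFO] +- org.apache.activemq:apache-activemq:pom:6.0.0:compile
[INFO] |  +- org.apache.activemq:activemq-client:jar:6.0.0:compile
[INFO] |  \- org.apache.camel:camel-activemq:jar:CAMEL-VERSION:compile
[INFO] |     \- org.apache.activemq:activemq-client-jakarta:jar:5.18.2:compile
[INFO] \- org.example:other-lib:jar:1.0.0:compile
"""

# Optional "[INFO] " prefix, tree-drawing characters, then 4 to 6 colon-separated fields.
NODE = re.compile(r"^(?:\[INFO\] )?([|+\\\- ]*)([^\s:]+(?::[^\s:]+){3,5})\s*$")


def parse_coord(coord):
    """Return (artifactId, version) from group:artifact:type[:classifier]:version[:scope]."""
    parts = coord.split(":")
    # The root line has no scope field, so its version is the last field.
    version = parts[3] if len(parts) == 4 else parts[-2]
    return parts[1], version


def find_paths(tree_text, artifact_id):
    """Return every dependency chain (root first) that ends at artifact_id."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banners, blank lines, build summary
        depth = len(m.group(1)) // 3  # each tree level is three characters wide
        artifact, version = parse_coord(m.group(2))
        del stack[depth:]  # drop the previous sibling and anything deeper
        stack.append(f"{artifact}:{version}")
        if artifact == artifact_id:
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    for chain in find_paths(SAMPLE_TREE, "activemq-client-jakarta"):
        print(" -> ".join(chain))
```

An empty result after adding an exclusion confirms the jar no longer reaches the build through any path.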
