[
https://issues.apache.org/jira/browse/AMQ-9388?focusedWorklogId=890371&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-890371
]
ASF GitHub Bot logged work on AMQ-9388:
---------------------------------------
Author: ASF GitHub Bot
Created on: 14/Nov/23 00:22
Start Date: 14/Nov/23 00:22
Worklog Time Spent: 10m
Work Description: mattrpav commented on PR #1117:
URL: https://github.com/apache/activemq/pull/1117#issuecomment-1809343289
While activemq-client-jakarta is a relocation to 6.0.0, the way the
camel-activemq pulls it in, Maven reactor isn't up-leveling it to 6.0.0 for us
Issue Time Tracking
-------------------
Worklog Id: (was: 890371)
Time Spent: 20m (was: 10m)
> camel-activemq transitively pulls in activemq-client-jakarta
> ------------------------------------------------------------
>
> Key: AMQ-9388
> URL: https://issues.apache.org/jira/browse/AMQ-9388
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Reporter: Christopher L. Shannon
> Assignee: Christopher L. Shannon
> Priority: Blocker
> Fix For: 6.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> While reviewing the 6.0.0 release I noticed that the newly added
> {{camel-activemq}} module pulls in {{activemq-client-jakarta}} as a
> transitive dependency. This makes sense since the version used is based on
> ActiveMQ 5.18.2 as 6.0.0 isn't released yet.
> We need to exclude this because with version 6.0.0 this module no longer
> exists so is not needed and secondly the 5.18.2 version has a CVE against it.
> The dependency in the current release is not included in the tar distribution
> but since it is transitively being pulled in with maven if someone has a
> dependency on the apache-activemq pom they will have the jar pulled into
> their build.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
