[
https://issues.apache.org/jira/browse/SOLR-16048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496891#comment-17496891
]
ASF subversion and git services commented on SOLR-16048:
--------------------------------------------------------
Commit 0d11238903a59f08e2041cbc5d2c22206cae0ee6 in solr's branch
refs/heads/branch_9_0 from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=0d11238 ]
SOLR-16048: Examine Tika dependencies that brought in javax classes
* jakarta.annotation-api - this should be allowed so exclusion in
smokeTestRelease
* jakarta.activation - this should be allowed so exclusion in smokeTestRelease
* jakarta.xml.bind-api - this should be allowed so exclusion in smokeTestRelease
* unit-api - this should be allowed so exclusion in smokeTestRelease
* removed jersey and xml-api exclusion since they aren't dependencies
anymore
> Examine Tika dependencies that brought in javax classes
> -------------------------------------------------------
>
> Key: SOLR-16048
> URL: https://issues.apache.org/jira/browse/SOLR-16048
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Components: contrib - Solr Cell (Tika extraction)
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Major
> Fix For: 9.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> SOLR-15989 Tika 1.28.1 upgrade brought in some javax packaged classes which
> [~janhoy] caught with the smoketester. Details from [~janhoy] in SOLR-15989:
> {quote}This upgrade adds many parsers and dependencies. I ran the
> smoketester, which introspects every jar looking for illegal "java.{*}" and
> "javax.{*}" class files. These libararies were flagged by the smoke tester:
> {code:java}
> modules/extraction/lib/unit-api-1.0.jar" contains sheisty class
> "javax/measure/Dimension.class"
> modules/extraction/lib/jakarta.activation-1.2.2.jar" contains sheisty class
> "javax/activation/CommandInfo$Beans$1.class"
> modules/extraction/lib/jakarta.annotation-api-1.3.5.jar" contains sheisty
> class "javax/annotation/security/PermitAll.class"
> jakarta.xml.bind-api:2.3.3 {code}
> I believes all jakarta libs are OK license wise, but strangely they use the
> javax.xxx namespace instead of jakarta.xxx. The Units API (javax.measure.xxx)
> seems to be in the same category, that it is a JSR implemented with an
> allowed license.
> We have excluded several annotation jars elsewhere, that's why I raise this
> here.
> I assume the correct action is to make exceptions for these pacakges in the
> smoke tester. Any other insight?{quote}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
