[
https://issues.apache.org/jira/browse/AXIS-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14972764#comment-14972764
]
Markus Koschany commented on AXIS-2911:
---------------------------------------
Please allow me to clarify the original bug report. I'm a member of the Debian
Java team. We maintain axis and 14 source packages which require axis to build
successfully. https://tracker.debian.org/pkg/axis
Currently axis build-depends on the obsolete and unmaintained
commons-httpclient library. We would like to remove this build-dependency and
remove commons-httpclient from Debian. We can remove the build-dependency on
commons-httpclient but I cannot assess what this means for the 14 source
packages which might depend on the availability of the HTTP transport provided
by commons-httpclient.
If I correctly understand the information at
http://axis.apache.org/axis/java/transports/http-javanet/index.html we have to
package the latest version of Axis, 1.4.1, and an additional jar file,
axis-rt-transport-http-javanet-1.4.1-SNAPSHOT.jar which provides the HTTP
transport based on java.net.URL.
Is the new HTTP transport a drop-in replacement of the commons-httpclient
transport? Do packages which build-depend on axis require further adjustments?
Where can I download the sources for Axis 1.4.1 and
axis-rt-transport-http-javanet? According to https://axis.apache.org/axis/ the
latest upstream release is 1.4.
> Axis depends on obsolete and unmaintained commons-httpclient library
> --------------------------------------------------------------------
>
> Key: AXIS-2911
> URL: https://issues.apache.org/jira/browse/AXIS-2911
> Project: Axis
> Issue Type: Bug
> Components: Basic Architecture
> Affects Versions: 1.4
> Environment: Debian GNU/Linux
> Reporter: Markus Koschany
> Labels: security
>
> Axis depends on commons-httpclient. https://hc.apache.org/httpclient-3.x/
> This library has reached EOL status four years ago and was replaced by Apache
> httpcomponents-client:
> https://hc.apache.org/httpcomponents-client-ga/index.html
> commons-httpclient was affected by multiple security issues in the past but
> is no longer supported by its upstream developers. This makes it difficult
> for Linux distributions to provide any support for applications and libraries
> which still depend on commons-httpclient.
> Please consider to make the switch to httpcomponents-client
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
