[
https://issues.apache.org/jira/browse/AXIS2-6072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Atharva Gokhale updated AXIS2-6072:
-----------------------------------
Description:
I have created this ticket to request the discontinuation of the usage of
certain libraries that are being required to support the usage of the presently
available versions of axis2. This mainly includes the dependencies from the
rampart series including rampart-trust, rampart-core, and rampart-policy. Since
these libraries are EOL since a long time and do not have any latest version(s)
released since 6-7 years, it is challenging to address the security
vulnerabilities posed by these and the other dependencies being used by these
transitively. An important example of this is the requirement of the older
versions of opensaml to in turn support the outdated rampart dependencies.
Thus, we wish to ask that when would Apache stop the requirement to keep using
such outdated dependencies and update the code to make it compatible with
respect to the latest available alternatives for an important resource like
axis2?
was:
I have created this ticket to request the discontinuation of the usage of
certain libraries that are being required to support the usage of the presently
available versions of axis2. This mainly includes the dependencies from the
rampart series including rampart-trust, rampart-core, and rampart-policy. Since
these libraries are EOL since a long time and do not have any latest version(s)
released since 6-7 years, it is challenging to address the security
vulnerabilities posed by these and the other dependencies being used by these
transitively.
Thus, we wish to ask that when would Apache stop the requirement to keep using
such outdated dependencies and update the code to make it compatible with
respect to the latest available alternatives for an important resource like
axis2?
> Request to make changes to replace the EOL/deprecated libraries required to
> support axis2 with the available alternatives
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-6072
> URL: https://issues.apache.org/jira/browse/AXIS2-6072
> Project: Axis2
> Issue Type: Improvement
> Affects Versions: 1.8.2
> Reporter: Atharva Gokhale
> Priority: Major
> Labels: security
>
> I have created this ticket to request the discontinuation of the usage of
> certain libraries that are being required to support the usage of the
> presently available versions of axis2. This mainly includes the dependencies
> from the rampart series including rampart-trust, rampart-core, and
> rampart-policy. Since these libraries are EOL since a long time and do not
> have any latest version(s) released since 6-7 years, it is challenging to
> address the security vulnerabilities posed by these and the other
> dependencies being used by these transitively. An important example of this
> is the requirement of the older versions of opensaml to in turn support the
> outdated rampart dependencies.
> Thus, we wish to ask that when would Apache stop the requirement to keep
> using such outdated dependencies and update the code to make it compatible
> with respect to the latest available alternatives for an important resource
> like axis2?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
