Concerning help for a migration to Axis2, I don't have much to add unfortunately.
I myself wrote part of the migration guide 15 years ago and without being a recent user I would have to dive deep into the source code of both projects - something you and your team would be better suited for. There is possiblity someone else can respond. Frankly, there isn't that many of us left here after twenty years. Apache requires a minimum of three active members and we have that - but the Axis 1.x people mostly.are lurkers at this point. They do respond occasionally. On Wed, Sep 29, 2021, 05:48 robertlazarski <robertlazar...@gmail.com> wrote: > While there has not been an official axis 1 release since 1.4 in 2006, > there has been hundreds of commits to the project in git since then. > > https://github.com/apache/axis-axis1-java > > The Apache security team requires all active repos to have vulnerabilities > fixed. There are no open CVE's in the project that I am aware of. > > I am not personally an axis 1.x user and there has been very little recent > traffic for the project in Jira and the mailing list. Therefore there is > little motivation for a release from our team. > > There was one member of our project that kept Axis 1.x updated for many > years by adding maven support and a lot of other commits, making it easier > to maintain. > > Challenges for the project include newer JDK support - JDK 11 for example > has a minimum source compatibility requirement of JDK 6 however there are > hundreds of compile errors at that level. > > Because of all this, a release would require community help to push it > forward. > > I suggest building from source. A release would require contributions and > testing. The "Apache way" encourages becoming a committer to projects to > get involved in such a complicated situation. > > Robert > > On Tue, Sep 28, 2021, 23:53 Chea Sovanreach (NCS) < > sovanreach.c...@ncs.com.sg> wrote: > >> Hi Axis2 Team, >> >> >> >> We have been trying to upgrade from Axis1 -> Axis2 for our project due to >> security vulnerability (CVE-2019-0227 : A Server Side Request Forgery >> (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was >> last released in 2 (cvedetails.com) >> <https://www.cvedetails.com/cve/CVE-2019-0227/>. However, there are so >> many APIs that have changed and ways to implement those are not >> straightforward. >> >> For example, *org.apache.axis.message.MessageElement* is totally >> removed. There is no clear guideline or documentation on how to implement >> similar APIs in Axis2. >> >> >> >> Please help to advise on how we can improve our migration process and >> places where we can the reference to look for the changes. >> >> >> >> *Note*: have checked out the official migration guide on your website >> https://axis.apache.org/axis2/java/core/docs/migration.html , but this >> is far from enough for us to do the migration. >> >> >> >> Thank you. >> >> >> >> >> >> Kind Regards, >> >> *Reach* >> >> >> >
