Package: jenkins-json
Severity: normal
User: pkg-java-maintainers@lists.alioth.debian.org
Usertags: oldlibs libcommons-httpclient-java

Hi,

jenkins-json depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. jenkins-json should be ported to the new libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.

We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.

Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.

If you have any questions don't hesitate to ask and contact us on

debian-j...@list.debian.org

Regards,

Markus

[1] https://hc.apache.org/httpclient-3.x/

[2] 
https://security-tracker.debian.org/tracker/source-package/commons-httpclient

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to