tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Jones (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (TIKA-2536) Move to later edu.ucar version to avoid EOL dependencies
Date Wed, 10 Jan 2018 15:03:00 GMT

     [ https://issues.apache.org/jira/browse/TIKA-2536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Richard Jones updated TIKA-2536:
--------------------------------
    Description: 
The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm (released in Mar
2015), as well as being branch EOL themselves, depend on many other project/branch/version
EOL artifacts for which much later and active versions are often available. The list is as
follows:

- edu.ucar:grib depends on the project EOL bzip2. Much more recent versions of edu.ucar:grib
exist that no longer depend on bzip2 (note: Jbzip2 is hosted on the Google Code site, which
was shut down for active development in 2015.  The project was never migrated to another site,
e.g. Github).

- edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2

- edu.ucar:cdm depends on the 2.6.2 branch EOL version of net.sf.ehcache:ehcache-core

- edu.ucar:cdm depends on the 2.2.0 EOL version of org.quartz-scheduler:quartz for which active
versions are available. In turn org.quartz-scheduler:quartz depends on the 0.9.1.1 branch
EOL version of c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0

- edu.ucar:grib depends on the 2.5.0 branch EOL version of com.google.protobuf:protobuf-java
for which active versions are available.

Request moving to a much later version of edu.ucar, or alternative artifacts to address all
the above EOL issues (lack of active support for vulnerabilities and bugs).


  was:
The currently referenced 4.5.5 version of edu.ucar:grib released in Mar 2015 is itself branch
EOL and depends on the project EOL'd bzip2. Much more recent versions of edu.ucar:grib exist
that do not depend on bzip2.
Request moving to a much later version of edu.ucar:grib (e.g. 4.6.10 from Apr 2017) than no
longer depends on the EOL'd bzip2 and isn't itself branch/version EOL.
(note: Jbzip2 is hosted on the Google Code site, which was shut down for active development
in 2015.  The project was never migrated to another site, e.g. Github).

Additionally the currently referenced 4.5.5 version of edu.ucar:grib depends on the EOL 2.0.4
version of org.jdom:jdom2.

Additionally the currently referenced 4.5.5 version of edu.ucar:cdm depends on the branch
EOL 2.6.2 version of net.sf.ehcache:ehcache-core.

Moving to a much later version of edu.ucar will address all the above EOL issues (lack of
active support for vulnerabilities and bugs).



> Move to later edu.ucar version to avoid EOL dependencies
> --------------------------------------------------------
>
>                 Key: TIKA-2536
>                 URL: https://issues.apache.org/jira/browse/TIKA-2536
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>    Affects Versions: 1.16, 1.17
>         Environment: All
>            Reporter: Richard Jones
>
> The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm (released in
Mar 2015), as well as being branch EOL themselves, depend on many other project/branch/version
EOL artifacts for which much later and active versions are often available. The list is as
follows:
> - edu.ucar:grib depends on the project EOL bzip2. Much more recent versions of edu.ucar:grib
exist that no longer depend on bzip2 (note: Jbzip2 is hosted on the Google Code site, which
was shut down for active development in 2015.  The project was never migrated to another site,
e.g. Github).
> - edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2
> - edu.ucar:cdm depends on the 2.6.2 branch EOL version of net.sf.ehcache:ehcache-core
> - edu.ucar:cdm depends on the 2.2.0 EOL version of org.quartz-scheduler:quartz for which
active versions are available. In turn org.quartz-scheduler:quartz depends on the 0.9.1.1
branch EOL version of c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0
> - edu.ucar:grib depends on the 2.5.0 branch EOL version of com.google.protobuf:protobuf-java
for which active versions are available.
> Request moving to a much later version of edu.ucar, or alternative artifacts to address
all the above EOL issues (lack of active support for vulnerabilities and bugs).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message