Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12782
| From | Santiago Ruano Rincón <santiagorr@riseup.net> |
|---|---|
| Newsgroups | linux.debian.maint.java |
| Subject | Status of axis in debian |
| Date | 2024-07-10 16:00 +0200 |
| Message-ID | <IYG1r-18Vq-5@gated-at.bofh.it> (permalink) |
| References | <IYG1r-18Vq-7@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
(Resending to the correct address list; sorry for the noise) El 10/07/24 a las 10:41, Santiago Ruano Rincón escribió: > Dear Java packaging team, > > (Please CC: me when replying, I am not subscribed to the list) > > According to the apache advisory of CVE-2023-51441, axis 1.x has been > EOL'ed upstream: > > https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd > > According to the comment by grid on #debian-security, I understand it is > on life support upstream, and there have been fixes for CVEs the last > years, including at least one not-unimportant. However, from the above > mentioned advisory, upstream recommends to migrate to a "different SOAP > engine, such as Apache Axis 2/Java." > > On sid, this is the current list of build dependencies of libaxis-java: > > jalview > jets3t > jglobus > starjava-datanode > starjava-dpac > starjava-topcat > starjava-ttools > starjava-vo > starjava-votable > uimaj > > So my mail is just to start any discussion to see if it would be > appropriate to file bugs on the reverse dependencies, to ask the > maintainers if they could study how feasible is to migrate to another > SOAP engine. > > Any thoughts? > > Cheers, > > -- Santiago
Back to linux.debian.maint.java | Previous | Next — Next in thread | Find similar
Status of axis in debian Santiago Ruano Rincón <santiagorr@riseup.net> - 2024-07-10 16:00 +0200 Re: Status of axis in debian Pierre Gruet <pgt@debian.org> - 2024-07-14 15:20 +0200
csiph-web