Description
While reviewing the 6.0.0 release I noticed that the newly added camel-activemq module pulls in activemq-client-jakarta as a transitive dependency. This makes sense since the version used is based on ActiveMQ 5.18.2 as 6.0.0 isn't released yet.
We need to exclude this because with version 6.0.0 this module no longer exists so is not needed and secondly the 5.18.2 version has a CVE against it. The dependency in the current release is not included in the tar distribution but since it is transitively being pulled in with maven if someone has a dependency on the apache-activemq pom they will have the jar pulled into their build.
Attachments
Issue Links
- is caused by
-
AMQ-9281 Upgrade to Camel 4.1.0
- Resolved