Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-9388

camel-activemq transitively pulls in activemq-client-jakarta

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 6.0.0
    • Broker
    • None

    Description

      While reviewing the 6.0.0 release I noticed that the newly added camel-activemq module pulls in activemq-client-jakarta as a transitive dependency. This makes sense since the version used is based on ActiveMQ 5.18.2 as 6.0.0 isn't released yet.

      We need to exclude this because with version 6.0.0 this module no longer exists so is not needed and secondly the 5.18.2 version has a CVE against it. The dependency in the current release is not included in the tar distribution but since it is transitively being pulled in with maven if someone has a dependency on the apache-activemq pom they will have the jar pulled into their build.

      Attachments

        Issue Links

          is caused by

          Dependency upgrade - Upgrading a dependency to a newer version AMQ-9281 Upgrade to Camel 4.1.0

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              cshannon Christopher L. Shannon
              cshannon Christopher L. Shannon
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m