Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2536

Move to later edu.ucar version to avoid EOL dependencies


    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.16, 1.17
    • Fix Version/s: None
    • Component/s: parser
    • Labels:
    • Environment:



      The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm (released in Mar 2015), as well as being branch EOL themselves, depend on many other project/branch/version EOL artifacts for which much later and active versions are often available. The list is as follows:

      • edu.ucar:grib depends on the project EOL bzip2. Much more recent versions of edu.ucar:grib exist that no longer depend on bzip2 (note: Jbzip2 is hosted on the Google Code site, which was shut down for active development in 2015. The project was never migrated to another site, e.g. Github).
      • edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2
      • edu.ucar:cdm depends on the 2.6.2 branch EOL version of net.sf.ehcache:ehcache-core
      • edu.ucar:cdm depends on the 2.2.0 EOL version of org.quartz-scheduler:quartz for which active versions are available. In turn org.quartz-scheduler:quartz depends on the branch EOL version of c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0
      • edu.ucar:grib depends on the 2.5.0 branch EOL version of com.google.protobuf:protobuf-java for which active versions are available.

      Request moving to a much later version of edu.ucar, or alternative artifacts to address all the above EOL issues (lack of active support for vulnerabilities and bugs).


          Issue Links



              • Assignee:
                Richard Jones Richard Jones
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: