I upgraded my Fabric8 Spring Boot Camel pom.xml to use Camel 2.16.0 but not all components appear to be available in 2.16.0
I had to leave the following components at 2.15.3 as I get "Missing artifact" for the 2.16.0 versions:
camel-metrics
camel-jsonpath
camel-spring-boot
Are these not available in Camel 2.16.0?
I'm using Fabric8 version 2.2.46 and Spring Boot version 1.2.6.RELEASE.
I needed to delete my local Maven repository and rebuild.
Delete the artifacts (or the full local repo) from c:\Users\username.m2\repository by hand.
Related
I am using spring boot version 2.1.5.Release, am trying to remove log4j 1.2.17 jar tried exclusion logic.inside spring boot starter dependency it's not worked. Could you please help me to fix the log4j issue. I tried upgrade of Spring boot version still I see dependency in my eclipse under maven dependencies..thanks in advance.
Check that you do not have the logging starter for log4j. If not, then in the dependency hierarchy in eclipse, right-click on log4j and it will let you exclude it from whatever is pulling it in as a transitive dependency.
I am currently using spring-boot version 1.5.22.RELEASE and I am trying to upgrade my Jackson-databind dependency's version( currently 2.8.11.3 ) in my pom-file to the latest one( 2.12.3 ) ,but even after mvn clean install I see two jars for Jackson databind i.e. both the versions 2.8.11.3 and 2.12.3 ,why is this happening,is it because version 2.12.3 is not supported by spring boot 1.5.22.RELEASE ?Have also tried Downgrading it to 2.5.1 and I still have multiple versions (2.5.1 and 2.8.11.3) of Jackson databind.( Please note that I have excluded Jackson databind in from the components that require it like spring-boot-starter-web and made Jackson-databind as a direct dependency)
I noticed that I cannot create an issue on the spring-batch github and I could not create a topic on the Spring forum so I was redirected here.
I have this in my pom.xml file as explained on Spring.io's Batch tutorial
<dependency>
<groupId>org.springframework.batch</groupId>
<artifactId>spring-batch-core</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
And when I run the mvn dependency-check:check I see these issues
spring-tx-5.0.0.RELEASE.jar
CVE-2018-1199 - upgrade spring framework to latest 4.x
spring-batch-core-4.0.1.RELEASE.jar
CVE-2014-0225 - upgrade spring mvc - added it and latest 4.x
CVE-2015-5211 - upgrade springframework 4.x
CVE-2016-5007 - upgrade springframework 4.x
CVE-2014-3578 - upgrade springframework 4.x
CVE-2014-3625 - upgrade springframework 4.x
I ran mvn dependency:build-classpath -Dmdep.outputFile=cp.txt the offending jars above are located in my classpath. Then ran 'mvn dependency:tree` but did not see the offending jars.
mvn dependency:tree 2>&1 | egrep -i 'batch-core|spring-tx'
I tried googling some of the core CVEs which said to upgrade spring-mvc which I don't even have in my project but I explicitly defined it anyway. My spring version is set to the latest 4.x and even upgrading to 5.x still throws the vulnerability because spring-batch-core's latest version is still vulnerable.
Am I doing something wrong in my pom file?
To start, none of those CVEs apply directly to Spring Batch or the spring-batch-core jar file. They are all related to Spring Framework and Spring MVC. Also, every one of those CVEs has been mitigated in the specified patch versions.
If you have confirmed that your POM is bringing in the correct, non-vunlerable, version of Spring Framework, this is a case of a false positive and you'll need to configure whatever tool you're using to address this. If the artifact you are building as a result of the build process includes a vulnerable version of Spring Framework (or related components), then you do have an issue with your POM. We can help, but we need to see the POM in order to do so.
I just started using SpringBoot 1.5.1. When I select the spring-cloud related dependencies from the Spring Initilzr and make a build for my application, I end up with SNAPSHOT dependencies for the following, among others
spring-cloud-aws-dependencies
spring-cloud-bus-dependencies
spring-cloud-commons
spring-cloud-config-server
spring-cloud-consul
Is this correct? My companies MAVEN repo does not allow SNAPSHOT files to be uploaded.
For some reason Initilzr prefers the Dalston snapshot release of spring-cloud to the current stable Camdem.SR5 release.
Just update your POM file and replace Dalston.BUILD-SNAPSHOT with Camden.SR5 for the spring-cloud-dependencies dependency management.
Which maven plugin is used for building an osgi bundle containing camel-routes and some POJO's for deploying inside fuse-servicemix 4.3.0 . i have used pax as well as maven-bundle plugin for deploying into fuse servicemix .i get a lotof error's using these .any other good maven-plugin ?
There are some documentation here about the maven archetypes
http://servicemix.apache.org/SMX4/creating-a-bundle-using-maven.html
There is a newer version of the plugin than listed on the web page
The latest release is here
http://repo2.maven.org/maven2/org/apache/servicemix/tooling/servicemix-camel-osgi-bundle/2010.01/
But keep an eye in the central repo as newer version will be released.