Bug#800988: jabsorb: depends on obsolete libcommons-httpclient-java library

apo at gambaru.de apo at gambaru.de
Mon Oct 5 14:51:48 UTC 2015


Package: jabsorb
Severity: normal
User: pkg-java-maintainers at lists.alioth.debian.org
Usertags: oldlibs libcommons-httpclient-java

Hi,

jabsorb depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. jabsorb should be ported to the new libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.

We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.

Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.

If you have any questions don't hesitate to ask and contact us on

debian-java at list.debian.org

Regards,

Markus

[1] https://hc.apache.org/httpclient-3.x/

[2] https://security-tracker.debian.org/tracker/source-package/commons-httpclient



More information about the pkg-java-maintainers mailing list