camunda / camunda-bpm-platform

Flexible framework for workflow and decision automation with BPMN and DMN. Integration with Quarkus, Spring, Spring Boot, CDI.
https://camunda.com/
Apache License 2.0
4.02k stars, 1.53k forks

remove httpclient-4.5.12.jar from engine as runtime dependency #4414

Closed venetrius closed 2 weeks ago

venetrius commented 3 weeks ago

Acceptance Criteria (Required on creation)

Remove httpclient-4.5.12.jar from engine as runtime dependency

Hints

In https://github.com/camunda/camunda-bpm-platform/issues/4193 httpclient-4.5.12.jar was introduced to the engine as a runtime dependency. Before, it was used as a test dependency. This created a hit in the vulnerability scanner.

Links

Breakdown

### Pull Requests
- [ ] https://github.com/camunda/camunda-bpm-platform/pull/4431

Dev2QA handover

venetrius commented 2 weeks ago

Changes were successful; httpclient-4.5.12.jar is not part of the packaged jar anymore. Dependency scanner closed the vulnerability issue: https://github.com/camunda/automation-platform-vulnerability-scan/issues/3209.

QA note: @gbetances089 no specific testing required for this issue, as this reverts a change in a packaged dependency. I will do a smoke test for all distros for the parent issue.

Closing this issue.
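A build-time guard for the regression described in this issue, as an added example that is not part of the issue or the Camunda code base: it reports whether a pom declares httpclient with a scope that reaches the runtime classpath. The pom fragments are constructed, the function names are hypothetical, and only direct declarations in a single pom are checked (parent poms, profiles and transitive dependencies are not resolved).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
SHIPPED_SCOPES = {"compile", "runtime"}  # scopes that end up on the runtime classpath
WATCHED = {("org.apache.httpcomponents", "httpclient")}


def _coords(dep):
    """Return (groupId, artifactId, scope) of a <dependency>; scope is '' if absent."""
    get = lambda tag: (dep.findtext(f"m:{tag}", default="", namespaces=NS) or "").strip()
    return get("groupId"), get("artifactId"), get("scope")


def shipped_dependencies(pom_xml, watched=WATCHED):
    """List watched artifacts that the pom declares with a shipped scope."""
    root = ET.fromstring(pom_xml)
    # A scope set in <dependencyManagement> applies when the declaration omits <scope>.
    managed = {}
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        g, a, s = _coords(dep)
        if s:
            managed[(g, a)] = s
    hits = []
    # Only <project>/<dependencies>: managed entries alone do not add a dependency.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        g, a, s = _coords(dep)
        scope = s or managed.get((g, a), "compile")  # Maven's default scope is compile
        if (g, a) in watched and scope in SHIPPED_SCOPES:
            hits.append((g, a, scope))
    return hits


def sample_pom(scope_xml="", managed_xml=""):
    """Constructed pom fragment with one httpclient declaration (sample input)."""
    return (
        '<project xmlns="http://maven.apache.org/POM/4.0.0">' + managed_xml +
        "<dependencies><dependency><groupId>org.apache.httpcomponents</groupId>"
        "<artifactId>httpclient</artifactId><version>4.5.12</version>" + scope_xml +
        "</dependency></dependencies></project>"
    )


# Constructed <dependencyManagement> block that pins httpclient to test scope.
MANAGED_TEST = (
    "<dependencyManagement><dependencies><dependency>"
    "<groupId>org.apache.httpcomponents</groupId><artifactId>httpclient</artifactId>"
    "<scope>test</scope></dependency></dependencies></dependencyManagement>"
)

if __name__ == "__main__":
    print(shipped_dependencies(sample_pom("<scope>runtime</scope>")))
```

A non-empty result can fail the build before a dependency scanner ever sees the packaged artifact.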