googleads / googleads-java-lib

Google Ad Manager SOAP API Client Library for Java
Apache License 2.0

Migrate away from apache-axis possibly to axis-2 #240

Closed Grimoren closed 2 years ago

Grimoren commented 2 years ago

apache-axis (1.4) has a high CVE: https://cve.report/CVE-2019-0227 and is end of life (will not be patched in later versions).

It seems it has been deprecated in favor of axis-2. It seems it's not a straightforward migration (cannot simply substitute one dependency for another, as there were package name changes, etc.): https://axis.apache.org/axis2/java/core/docs/migration.html

christopherseeley commented 2 years ago

Thanks for raising this. CVE-2019-0227 impacts servers using apache-axis. This project uses apache-axis for clients. We also distribute a library that uses JAX-WS instead of Apache Axis if you prefer. It was originally developed for AppEngine but works in all environments:

<dependency>
  <groupId>com.google.api-ads</groupId>
  <artifactId>dfp-appengine</artifactId>
  <version>RELEASE</version>
</dependency>