[
https://issues.apache.org/jira/browse/KARAF-7521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17566174#comment-17566174
]
Erik Torres commented on KARAF-7521:
------------------------------------
Thanks a lot for your kind and prompt response Jean-Baptiste, I'll try to also
remove the features repository and run a new scan to see the results. Thanks
> Disable ActiveMQ throgh configuration files
> -------------------------------------------
>
> Key: KARAF-7521
> URL: https://issues.apache.org/jira/browse/KARAF-7521
> Project: Karaf
> Issue Type: Brainstorming
> Environment: Karaf 4.2.3 in linux server with JDK 1.8
> Reporter: Erik Torres
> Priority: Major
>
> In Karaf 4.2.3 in linux server with JDK 1.8,
> Previously I posted a question regarding ActiveMQ where Black Duck Scan,
> point out a vulnerability with
> |Apache ActiveMQ|5.15.9|
> for which, and due that is not used at all in our project, I believe that it
> would be better to remove the dependency, but not quite sure if the approach
> I´m taking is the appropriate one: I'm removing from the <feature
> name="feature" description="Features Support" version="4.2.3"> in the
> standard-4.2.3.features.xml the references to ActiveMQ and Artemis. Do you
> consider that it is OK, or if it should be necessary to make a change or add
> some additional configuration in another file? Thank you and I look forward
> to your comments
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
