-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: 4.3.1-fuse-00-00
-
Fix Version/s: 4.4.0-fuse-00-27
-
Component/s: None
-
Labels:None
-
External Issue URL:
The following dependencies in the feature descriptor, apache-servicemix-4.3.1-fuse-00-00-features.xml, are incorrect for CXF 2.3.2-fuse-00-00:
<bundle>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.xmlsec/1.4.3_3</bundle>
<bundle>mvn:org.apache.ws.security/wss4j/1.5.9</bundle>
whereas CXF 2.3.2-fuse-00-00 actually uses WSS4J 1.5.11 (see http://fusesource.com/forge/svn/fusesf/tags/cxf-2.3.2-fuse-00-00/rt/ws/security/pom.xml) and xmlsec 1.4.4 (see http://repo2.maven.org/maven2/org/apache/ws/security/wss4j/1.5.11/wss4j-1.5.11.pom)
We should get these dependencies in alignment and check if any other CXF dependencies in the feature are outdated.
The current workaround is to load the correct WSS4J bundle and let the framework resolve the proper class space based on imports in the client bundles that require the correct WSS4J version. The xmlsec bundle exports unversioned packages and placing multiple versions of this bundle in the container causes issues. Currently the customer is using WSS4J 1.5.11 with the older xmlsec bundle in order to deploy a working solution.
