Call for JAX-RS Assistance

[James Agnew]

Hi All,

I'm wondering if there is someone who works with the JAX-RS framework that would be willing to submit a pull request to either upgrade the resteasy-client library from its current version 4.0.0-Beta3 to the latest published version, or replace it with another provider.

I don't use JAX-RS at all so I am not really familiar with how this framework works, but the current version that we depend on has an open CVE (CVE-2020-25633). I tried bumping the current version to the latest version in Maven Central (4.5.7) but that change causes compile failures with the resteasy-jaxrs library which is also imported. That library doesn't have any 4.x.x JARs available in Maven Central beyond 4.0.0-Beta3 (which was published in 2008), although the 3.x.x series seems to still be actively releasing, but that series doesn't work with the 4.x.x client....

(And this is pretty much exactly why I can't stand the JAX-* libraries and never use them... lol)

Any assistance would be appreciated. Unfortunately due to the open CVE, we'll probably have to drop the JAX-RS support if a solution can't be found.

Cheers,

James