License of "Zeebe Gateway Protocol" and "Zeebe Client Java" #8364
Assignees
Labels
kind/bug
Categorizes an issue or PR as a bug
Comments
9 tasks
|
Hi @MichaelHornung, this seems to have been an oversight. The |
npepinpe
added
kind/bug
ghost
pushed a commit
that referenced
this issue
Jan 21, 2022
8630: deps(maven): bump versions-maven-plugin from 2.8.1 to 2.9.0 r=npepinpe a=dependabot[bot] Bumps [versions-maven-plugin](https://github.com/mojohaus/versions-maven-plugin) from 2.8.1 to 2.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mojohaus/versions-maven-plugin/releases">versions-maven-plugin's releases</a>.</em></p> <blockquote> <h2>2.9.0</h2> <h2>Changes</h2> <ul> <li>Fix detection of plugin updates requiring newer Maven for building than (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/527">#527</a>) <a href="https://github.com/kwin"><code>@kwin</code></a></li> <li>update-properties page was using use-releases goal instead (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/245">#245</a>) <a href="https://github.com/MarcoLotz"><code>@MarcoLotz</code></a></li> <li>Fixes <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/439">#439</a> : String index out of range: 9 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/444">#444</a>) <a href="https://github.com/ghusta"><code>@ghusta</code></a></li> <li>363:Force update parent version with real version (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/364">#364</a>) <a href="https://github.com/akilantech"><code>@akilantech</code></a></li> <li>Removal of not needed calls to toString() in the code base (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/468">#468</a>) <a href="https://github.com/obfischer"><code>@obfischer</code></a></li> <li>fix(resolve-ranges): fail properly on managed dep without version (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/452">#452</a>) <a href="https://github.com/mfriedenhagen"><code>@mfriedenhagen</code></a></li> </ul> <h2>🚀 New features and improvements</h2> <ul> <li>Fixes <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/426">#426</a> restore default behavior on setting versions in all modules of the local aggregation root that was present before the fix for <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/82">#82</a> (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/427">#427</a>) <a href="https://github.com/stefanseifert"><code>@stefanseifert</code></a></li> <li><a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/453">#453</a> update Reproducible Builds outputTimestamp when setting version (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/522">#522</a>) <a href="https://github.com/hboutemy"><code>@hboutemy</code></a></li> <li>[Enhancement] Display "Latest" Versions in Reports Summary (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/478">#478</a>) <a href="https://github.com/sultan"><code>@sultan</code></a></li> <li>Fixes <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/469">#469</a> Support.property file in set-property (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/470">#470</a>) <a href="https://github.com/arkel-s"><code>@arkel-s</code></a></li> <li>Sort properties by Property name in "Property Updates Report" (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/455">#455</a>) <a href="https://github.com/sultan"><code>@sultan</code></a></li> <li>Upgrade parent 63 and Java 1.8 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/461">#461</a>) <a href="https://github.com/olamy"><code>@olamy</code></a></li> </ul> <h2>📦 Dependency updates</h2> <ul> <li>Bump woodstox-core from 6.2.7 to 6.2.8 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/530">#530</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump plexus-container-default from 2.1.0 to 2.1.1 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/520">#520</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump doxia-site-renderer from 1.10 to 1.11.1 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/518">#518</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump mockito-core from 4.1.0 to 4.2.0 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/517">#517</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump doxiaVersion from 1.10 to 1.11.1 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/514">#514</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump mockito-core from 3.12.4 to 4.1.0 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/508">#508</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump mrm-maven-plugin from 1.2.0 to 1.3.0 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/511">#511</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump junit-bom from 5.8.1 to 5.8.2 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/512">#512</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump maven-plugin-annotations from 3.6.1 to 3.6.2 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/513">#513</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump wagonVersion from 3.4.0 to 3.4.3 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/496">#496</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump woodstox-core from 6.2.6 to 6.2.7 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/506">#506</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump mojo-parent from 63 to 65 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/510">#510</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump junit-bom from 5.8.0 to 5.8.1 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/497">#497</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump junit-bom from 5.7.2 to 5.8.0 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/495">#495</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Upgrade Codehaus Woodstox to FasterXML Woodstox 6.2.6 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/489">#489</a>) <a href="https://github.com/slachiewicz"><code>@slachiewicz</code></a></li> <li>Upgrade plexus-interactivity-api to 1.1 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/488">#488</a>) <a href="https://github.com/slachiewicz"><code>@slachiewicz</code></a></li> <li>mockito update (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/486">#486</a>) <a href="https://github.com/nhojpatrick"><code>@nhojpatrick</code></a></li> <li>hamcrest v2.2 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/381">#381</a>) <a href="https://github.com/nhojpatrick"><code>@nhojpatrick</code></a></li> <li>Use JUnit 5 instead of JUnit 4 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/473">#473</a>) <a href="https://github.com/obfischer"><code>@obfischer</code></a></li> <li>Java 8 code style update and bump some maven dependencies (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/463">#463</a>) <a href="https://github.com/olamy"><code>@olamy</code></a></li> <li>Bump junit from 4.12 to 4.13.1 in /src/it/it-set-010-issue-198/fake-api (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/433">#433</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Bump junit from 4.8 to 4.13.1 in /src/it/it-compare-dependencies-002 (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/434">#434</a>) <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>Update maven-invoker-plugin to 3.2.2 to fix JDK16 build (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/448">#448</a>) <a href="https://github.com/famod"><code>@famod</code></a></li> </ul> <h2>👻 Maintenance</h2> <ul> <li>Use only major version (v5) of release drafter (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/532">#532</a>) <a href="https://github.com/stefanseifert"><code>@stefanseifert</code></a></li> <li>Configure Release Drafter for Semantic Versioning (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/525">#525</a>) <a href="https://github.com/stefanseifert"><code>@stefanseifert</code></a></li> <li>Fix github actions badge in README to reflect current GitHub workflows (<a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/524">#524</a>) <a href="https://github.com/stefanseifert"><code>@stefanseifert</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/d9464d63e97205f2575c2896cfc2abd52a1c7e67"><code>d9464d6</code></a> [maven-release-plugin] prepare release versions-maven-plugin-2.9.0</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/55a39fa1e9f3ef1bfe3b540d0b2dc76a6bfbf45d"><code>55a39fa</code></a> use only major version (v5) of release drafter</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/7b90796754a7f4a4ccf3184a4a2eb899b9fcd41d"><code>7b90796</code></a> Bump woodstox-core from 6.2.7 to 6.2.8</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/dce93bea88a3d3d0a34d7ec283dc6235c6bee4af"><code>dce93be</code></a> Fix detection of plugin updates requiring newer Maven for building than for r...</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/279d90a805fbb1d736bd6464420bc0636f410b0f"><code>279d90a</code></a> Merge branch 'issue/426-local-root'</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/740e0b47cebcbec95674b1aae342a2f246d1265b"><code>740e0b4</code></a> <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/426">#426</a> add missing imports (after merging with master)</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/ce83fdff13e2b24a3cd3deb5a6a2c9dff5226182"><code>ce83fdf</code></a> Fixes <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/426">#426</a> restore default behavior on setting versions in all modules of the...</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/04afc2c4b9c98cb9ff7cf4f8e0b7d5678cf58fe7"><code>04afc2c</code></a> <a href="https://github-redirect.dependabot.com/mojohaus/versions-maven-plugin/issues/453">#453</a> update Reproducible Builds outputTimestamp when setting version</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/b827092e1aed06747434cf00e0cbf83525c64c10"><code>b827092</code></a> enable version resolver for semantic plugin versioning based on tags</li> <li><a href="https://github.com/mojohaus/versions-maven-plugin/commit/357b8a0e7bd02b5f64bccc3f15e28d357b63bd06"><code>357b8a0</code></a> Bump plexus-container-default from 2.1.0 to 2.1.1</li> <li>Additional commits viewable in <a href="https://github.com/mojohaus/versions-maven-plugin/compare/versions-maven-plugin-2.8.1...versions-maven-plugin-2.9.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> 8634: Mark gateway-protocol as compile time dependency r=npepinpe a=npepinpe ## Description Marks the gateway-protocol module as a compile dependency only to avoid licensing issues. The protocol is licensed under the Zeebe Community License, whereas the implementation module is licensed under Apache 2. As this is meant to be embedded into other applications, it's better to use the more permissive and understood of the two licenses. Additionally, the protocol dependency is really only there to ensure that the implementation module always runs after during a maven build, allowing the build to pre-process or generate any resources for the protocol module before the implementation's. I'm not backporting this as it could be considered a breaking change. For users of previous versions, what they can do is simply exclude the `gateway-protocol` dependency from their applications for now. ## Related issues closes #8364 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nicolas Pepin-Perreault <nicolas.pepin-perreault@camunda.com>
ghost
pushed a commit
that referenced
this issue
Jan 21, 2022
8634: Mark gateway-protocol as compile time dependency r=npepinpe a=npepinpe ## Description Marks the gateway-protocol module as a compile dependency only to avoid licensing issues. The protocol is licensed under the Zeebe Community License, whereas the implementation module is licensed under Apache 2. As this is meant to be embedded into other applications, it's better to use the more permissive and understood of the two licenses. Additionally, the protocol dependency is really only there to ensure that the implementation module always runs after during a maven build, allowing the build to pre-process or generate any resources for the protocol module before the implementation's. I'm not backporting this as it could be considered a breaking change. For users of previous versions, what they can do is simply exclude the `gateway-protocol` dependency from their applications for now. ## Related issues closes #8364 Co-authored-by: Nicolas Pepin-Perreault <nicolas.pepin-perreault@camunda.com>
ghost
closed this as 
|
Hi. @npepinpe Thanks for explanation and fix. In which version auf Zeebe Client Java will the fix be available? |
|
In 1.4, which is slated for the first week of April. The workaround for now, in Maven, would be to specify your dependency as: <dependency>
<groupId>io.camunda</groupId>
<artifactId>zeebe-client-java</artifactId>
<exclusions>
<exclusion>
<groupId>io.camunda</groupId>
<artifactId>zeebe-gateway-protocol</artifactId>
</exclusion>
</exclusions>
</dependency> |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
we are using "io.camunda » zeebe-client-java » 1.1.1". On github you explain that Java Client is under "Apache License 2". We did a deep scan of "io.camunda » zeebe-client-java » 1.1.1" and our OSS compliance scanner found gateway-protocol-impl inside zeebe.client-java.
As you explained on github Zeebe Gateway Protocol (API) as published in the gateway-protocol is licensed under the Zeebe Community License 1.1.
Two questions:
From your point of view...is Zeebe Gateway Protocol (API) as published in the gateway-protocol included in "io.camunda » zeebe-client-java » 1.1.1"?
Are we allowed to use "io.camunda » zeebe-client-java » 1.1.1" under "Apache License 2" although gateway-protocol-impl is included?
Thanks and kind regards
Michael Hornung
The text was updated successfully, but these errors were encountered: