{"id":36425907,"url":"https://github.com/steinarb/jersey-karaf-feature","last_synced_at":"2026-01-11T18:00:14.397Z","repository":{"id":57738146,"uuid":"191051363","full_name":"steinarb/jersey-karaf-feature","owner":"steinarb","description":"An apache karaf feature repository containing a feature that will load the Jersey JAX-RS implementation","archived":false,"fork":false,"pushed_at":"2025-07-03T03:11:14.000Z","size":136,"stargazers_count":2,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-19T00:49:25.286Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/steinarb.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-06-09T20:17:42.000Z","updated_at":"2025-06-18T17:22:21.000Z","dependencies_parsed_at":"2023-01-22T02:07:36.966Z","dependency_job_id":"e7663a79-83c7-4ef4-8ea3-c51b989d717c","html_url":"https://github.com/steinarb/jersey-karaf-feature","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/steinarb/jersey-karaf-feature","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steinarb%2Fjersey-karaf-feature","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steinarb%2Fjersey-karaf-feature/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steinarb%2Fjersey-karaf-feature/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steinarb%2Fjersey-karaf-feature/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/steinarb","download_url":"https://codeload.github.com/steinarb/jersey-karaf-feature/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steinarb%2Fjersey-karaf-feature/sbom","scorecard":{"id":850907,"data":{"date":"2025-08-11","repo":{"name":"github.com/steinarb/jersey-karaf-feature","commit":"d5e515c947a1455eb61923df69e2060ab1ff0440"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":10,"reason":"26 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jersey-karaf-feature-maven-ci-build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/steinarb/jersey-karaf-feature/jersey-karaf-feature-maven-ci-build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jersey-karaf-feature-maven-ci-build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/steinarb/jersey-karaf-feature/jersey-karaf-feature-maven-ci-build.yml/master?enable=pin","Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/jersey-karaf-feature-maven-ci-build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T22:30:38.925Z","repository_id":57738146,"created_at":"2025-08-23T22:30:38.925Z","updated_at":"2025-08-23T22:30:38.925Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28316877,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T14:58:17.114Z","status":"ssl_error","status_checked_at":"2026-01-11T14:55:53.580Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-11T18:00:13.563Z","updated_at":"2026-01-11T18:00:14.378Z","avatar_url":"https://github.com/steinarb.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"* Jersey karaf feature\n\nThis is a maven pom that generates an apache karaf feature repository with a feature loading the jersey JAX-RS implementation.\n\n[[https://github.com/steinarb/jersey-karaf-feature/actions/workflows/jersey-karaf-feature-maven-ci-build.yml][file:https://github.com/steinarb/jersey-karaf-feature/actions/workflows/jersey-karaf-feature-maven-ci-build.yml/badge.svg]]\n[[https://maven-badges.herokuapp.com/maven-central/no.priv.bang.karaf/jersey-karaf-feature][file:https://maven-badges.herokuapp.com/maven-central/no.priv.bang.karaf/jersey-karaf-feature/badge.svg]]\n\n** Installing the feature in karaf\n\nGive the following commands from the karaf console:\n#+BEGIN_EXAMPLE\n feature:repo-add mvn:no.priv.bang.karaf/jersey/LATEST/xml/features\n feature:install jersey-karaf-feature\n#+END_EXAMPLE\n\n** Use the feature in a maven project\n\nIf you have a maven project building an OSGi bundle with a karaf feature repository attached, using the [[https://svn.apache.org/repos/asf/karaf/site/production/manual/latest/karaf-maven-plugin.html#_using_the_karaf_maven_plugin][karaf-maven-plugin]], then you can add a runtime dependency to this feature by adding the following to the maven dependencies of your project:\n 1. Import the BoM (Bill of Materials) in your project's dependencyManagement\n #+BEGIN_SRC xml\n \u003cbuild\u003e\n \u003cdependencyManagement\u003e\n \u003cdependencies\u003e\n \u003cdependency\u003e\n \u003cgroupId\u003eno.priv.bang.karaf\u003c/groupId\u003e\n \u003cartifactId\u003ejersey\u003c/artifactId\u003e\n \u003cversion\u003e1.9.11\u003c/version\u003e\n \u003ctype\u003epom\u003c/type\u003e\n \u003cscope\u003eimport\u003c/scope\u003e\n \u003c/dependency\u003e\n \u003c/dependencies\u003e\n \u003c/dependencyManagement\u003e\n \u003c/build\u003e\n #+END_SRC\n 2. Add a dependency to the karaf feature repository of the feature (/note/: no version, because that is supplied by the BoM import)\n #+BEGIN_SRC xml\n \u003cbuild\u003e\n \u003cdependencies\u003e\n \u003cdependency\u003e\n \u003cgroupId\u003eno.priv.bang.karaf\u003c/groupId\u003e\n \u003cartifactId\u003ejersey\u003c/artifactId\u003e\n \u003ctype\u003exml\u003c/type\u003e\n \u003cclassifier\u003efeatures\u003c/classifier\u003e\n \u003c/dependency\u003e\n \u003c/dependencies\u003e\n \u003c/build\u003e\n #+END_SRC\n\n** Release history\n\nIt might simplify things if I'm able give the feature the same version number as the jersey version the feature pulls in and starts. But for the moment the version numbers are different.\n\nAlso I have to bump HK2 (maybe) and jackson (for sure) at the same time when making a new release of this karaf feature and the versions of HK2 and jackson don't match the jersey version.\n\n| Date | Release | Jersey version | Comment |\n|------------------------+---------+----------------+----------------------------------------------------------------------------------------------------|\n| \u003c2025-06-18 Wed 19:18\u003e | 1.9.11 | 2.47 | Use jersey 2.47 and jackson 2.19.1, first central portal publish |\n| \u003c2025-05-04 Sun 21:53\u003e | 1.9.10 | 2.46 | Use jersey 2.46 and jackson 2.19.0 |\n| \u003c2024-08-02 Fri 16:46\u003e | 1.9.9 | 2.44 | Use jersey 2.44 and jackson 2.17.2 |\n| \u003c2024-03-25 Mon 10:41\u003e | 1.9.8 | 2.42 | Use jersey 2.42 and jackson 2.16.2 |\n| \u003c2023-11-04 Sat 22:58\u003e | 1.9.7 | 2.41 | Use jersey 2.41 and jackson 2.15.1, replace javax.ws.rs-api 2.1.1 with jakarta.ws.rs-api 2.1.6 |\n| \u003c2023-07-30 Sun 12:49\u003e | 1.9.6 | 2.40 | Use jersey 2.40 and jackson 2.15.2 |\n| \u003c2023-04-25 Tue 22:52\u003e | 1.9.5 | 2.39.1 | Use jackson 2.15.0 to really fix CWE-400 |\n| \u003c2023-04-24 Mon 18:20\u003e | 1.9.4 | 2.39.1 | Use jersey 2.39.1. Also use jackson 2.14.2 to fix CWE-400 |\n| \u003c2022-11-28 Mon 20:13\u003e | 1.9.3 | 2.37 | Use jersey 2.37. Also use jackson 2.14.1 to fix CVE-2022-42003 and CVE-2022-42004 |\n| \u003c2022-08-09 Tue 22:21\u003e | 1.9.2 | 2.36 | Use jersey 2.36 |\n| \u003c2022-05-30 Mon 20:18\u003e | 1.9.1 | 2.35 | Use jackson 2.13.3 |\n| \u003c2022-05-28 Sat 23:10\u003e | 1.9.0 | 2.35 | Use karaf 4.4.0 and OSGi 8 |\n| \u003c2022-02-19 Sat 21:59\u003e | 1.8.5 | 2.35 | jersey 2.35 and jackson 2.13.1 |\n| \u003c2021-06-15 Tue 19:23\u003e | 1.8.4 | 2.34 | jersey 2.34 and jackson 2.12.3 |\n| \u003c2021-05-02 Sun 17:09\u003e | 1.8.3 | 2.33 | Split repository feature into multiple files, add jackson java.time module feature |\n| \u003c2021-04-17 Sat 17:17\u003e | 1.8.2 | 2.33 | Add a Bill of Materials (BoM) POM |\n| \u003c2021-01-24 Sun 21:00\u003e | 1.8.1 | 2.33 | Use jersey 2.33 and jackson 2.12.1 |\n| \u003c2021-01-23 Sat 13:28\u003e | 1.8.0 | 2.30.1 | Changed the maven coordinates of the feature to allow for integration test |\n| \u003c2020-09-11 Fri 19:35\u003e | 1.7.1 | 2.30.1 | Don't load servicemix javax.inject at runtime (might conflict with the HK2 javax.inject bundle) |\n| \u003c2020-04-09 Thu 20:29\u003e | 1.7.0 | 2.30.1 | Use jackson 2.10.3 and HK2 2.6.1 |\n| \u003c2020-03-04 Wed 23:49\u003e | 1.6.0 | 2.30 | Use jackson-databind 2.9.10.3 |\n| \u003c2020-02-07 Fri 21:55\u003e | 1.5.0 | 2.30 | Use jersey 2.30 and jackson-databind 2.9.10.2 (/Note/! [[https://github.com/eclipse-ee4j/jersey/issues/4156][jersey 2.28 doesn't work on OSGi with JDK8]]) |\n| \u003c2019-11-05 Tue 22:22\u003e | 1.4.0 | 2.28 | Use jackson-databind 2.9.10.1 |\n| \u003c2019-06-08 Sat 22:22\u003e | 1.3.0 | 2.28 | Use jackson 2.9.10 |\n| \u003c2019-08-01 Thu 09:33\u003e | 1.2.0 | 2.28 | Use security mini-patch 2.9.9.2 of jackson-databind |\n| \u003c2019-06-10 Mon 20:46\u003e | 1.1.0 | 2.27 | Split HK2 into separate feature that is loaded first |\n| \u003c2019-06-09 Sun 22:22\u003e | 1.0.0 | 2.27 | |\n\n** License\n\nThe license of this karaf feature, is Apache Public License v 2.0\n\nSee the LICENSE file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteinarb%2Fjersey-karaf-feature","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsteinarb%2Fjersey-karaf-feature","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteinarb%2Fjersey-karaf-feature/lists"}