Update third-party license file for Open Integration Engine rebrand#276
Conversation
tonygermano
commented
Mar 28, 2026
tonygermano
commented
- Rename all references from Mirth Connect to Open Integration Engine
- Update dependency versions to match current libraries: Log4j 1.2.16 -> 2.25.3, PDFBox 1.8.4 -> 2.0.24, Guava 28.2 -> 32.0.1, Netty 4.1.41 -> 4.1.119, Jetty 9.4.53 -> 9.4.57, Derby 10.10.1.1 -> 10.10.2.0, HikariCP 2.3.2 -> 2.5.1, Joda-Time 2.2 -> 2.9.9, Velocity Engine 2.2 -> 2.3, Velocity Tools 3.0 -> 3.1, Standard Taglib 1.2.1 -> 1.2.5, PostgreSQL JDBC 9.4 -> 42.7.8, XStream 1.4.4 -> 1.4.20, SLF4J 1.7.28 -> 1.7.30, Jsch 0.2.13 -> 2.27.7, MySQL Connector/J 8.2.0 -> 8.4.0, JS Beautifier 1.6.8 -> 1.15.3
- Replace [Mirth Connect only] / [Server only] labeling with [incl. CLI] to tag the exception (CLI-shared) rather than the rule (engine-only)
- Add header explaining the [incl. CLI] convention
- Add missing java-semver 0.10.2 (MIT) license entry
- Add [incl. CLI] tags to CDDL/MPL/EPL-section libraries that ship with the CLI: HK2, JAXB, Jersey, Mimepull, Javassist, Rhino, XPP3, XStream, Bouncy Castle, SLF4J, Java Common Annotations, JavaBeans Activation
- Correct StAXON from server-only to CLI-shared
- Move JavaBeans Activation Framework 1.2.0 (CDDL-1.1) to 1.2.1 (EDL-1.0) and JavaMail API 1.5.0 (CDDL-1.0) to Jakarta Mail API 1.6.7 (EPL-2.0) to reflect the javax -> jakarta/Eclipse Foundation transition
- Fix Mozilla Rhino source URL to https://github.com/mozilla/rhino
- Remove redundant "included with Open Integration Engine" boilerplate from individual entries now that the header establishes this
|
Is it necessary to list the version numbers here? Seems overly complicated |
|
@NicoPiel Since the original has version numbers we should keep it. This is not only a license file. It is also an SBOM. I think shipping this as is for 4.6.0 is okay. Then once 4.6.0 ships I hope we can get your Gradle work prioritized. With Gradle it should be trivial to generate a license doc or an SBOM |
tonygermano
requested review from
a team,
NicoPiel,
gibson9583,
kayyagari,
pacmano1 and
ssrowe
and removed request for
a team
kayyagari
left a comment
kayyagari
left a comment
There was a problem hiding this comment.
@tonygermano this effort is very meticulous, am curious if you wrote a script or something else to gather all the details.
tonygermano
dismissed stale reviews from kayyagari, gibson9583, jonbartels, and mgaffigan
via
f2a86f6
tonygermano
force-pushed
the
maint/update-third-party-licenses
branch
from
fe2e579 to
f2a86f6
Compare
NicoPiel
left a comment
NicoPiel
left a comment
There was a problem hiding this comment.
Looks good. We should keep in mind to do this automatically with Gradle in the future.
- Rename all references from Mirth Connect to Open Integration Engine - Update dependency versions to match current libraries: Log4j 1.2.16 -> 2.25.3, PDFBox 1.8.4 -> 2.0.24, Guava 28.2 -> 32.0.1, Netty 4.1.41 -> 4.1.119, Jetty 9.4.53 -> 9.4.57, Derby 10.10.1.1 -> 10.10.2.0, HikariCP 2.3.2 -> 2.5.1, Joda-Time 2.2 -> 2.9.9, Velocity Engine 2.2 -> 2.3, Velocity Tools 3.0 -> 3.1, Standard Taglib 1.2.1 -> 1.2.5, PostgreSQL JDBC 9.4 -> 42.7.8, XStream 1.4.4 -> 1.4.20, SLF4J 1.7.28 -> 1.7.30, Jsch 0.2.13 -> 2.27.7, MySQL Connector/J 8.2.0 -> 8.4.0, JS Beautifier 1.6.8 -> 1.15.3 - Replace [Mirth Connect only] / [Server only] labeling with [incl. CLI] to tag the exception (CLI-shared) rather than the rule (engine-only) - Add header explaining the [incl. CLI] convention - Add missing java-semver 0.10.2 (MIT) license entry - Add [incl. CLI] tags to CDDL/MPL/EPL-section libraries that ship with the CLI: HK2, JAXB, Jersey, Mimepull, Javassist, Rhino, XPP3, XStream, Bouncy Castle, SLF4J, Java Common Annotations, JavaBeans Activation - Correct StAXON from server-only to CLI-shared - Move JavaBeans Activation Framework 1.2.0 (CDDL-1.1) to 1.2.1 (EDL-1.0) and JavaMail API 1.5.0 (CDDL-1.0) to Jakarta Mail API 1.6.7 (EPL-2.0) to reflect the javax -> jakarta/Eclipse Foundation transition - Fix Mozilla Rhino source URL to https://github.com/mozilla/rhino - Remove redundant "included with Open Integration Engine" boilerplate from individual entries now that the header establishes this Signed-off-by: Tony Germano <tony@germano.name>
tonygermano
force-pushed
the
maint/update-third-party-licenses
branch
from
f2a86f6 to
be1072d
Compare
@kayyagari I used claude to check the versions in the existing file against the libraries in the repo. I also had it verify that all of the CLI libraries existed in one of the main engine projects and do the relabeling of which libraries were included with the CLI, because it was really confusing and inconsistent how things were labeled before. I had to tell it about the license change from when I moved from the javax to the jakarta libs. I also told it that java-semver was missing as I remembered we added that library fairly early on, and it never made it into this file. I also manually updated some of the URLs that I knew had changed. I think Gradle will help automate a lot of this, but there are still some things we may need to manually track. |
7 participants
