Upgrade Apache HttpComponents HttpClient to v4.3.6 #13

Closed
dzc34 opened this issue Jan 14, 2017 · 0 comments

dzc34 commented Jan 14, 2017

Vulnerability

HttpComponents HttpClient before 4.3.5 has a CVSS 5.8 vulnerability
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577

HttpComponents HttpClient before 4.3.6 has a CVSS 4.3 vulnerability
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262

Solution

         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.3.1</version>
+            <version>4.3.6</version>
         </dependency>
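
Review bot: The `<version>4.3.6</version>` line pins the version inline in this single `<dependency>` block, and the hunk does not show whether any other module or transitive dependency also resolves `org.apache.httpcomponents:httpclient`. Consider declaring the version once in a property or a `<dependencyManagement>` entry so every module gets the same release, and check the resolved version with `mvn dependency:tree` before closing the issue. Since the issue text gives 4.3.6 as the lowest version clear of both listed CVEs, a short XML comment beside the version stating that floor would keep a later edit from lowering it.
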
@dzc34 dzc34 self-assigned this Jan 14, 2017
dzc34 added a commit to dzc34/Contrast-Finder that referenced this issue Jan 14, 2017
Fixed Asqatasun#13 - Upgraded Apache.HttpComponents HttpClient to v4.3.6
Fixed Asqatasun#14 - Upgraded SpringFramework to v3.2.12 and remove spring-asm
Fixed Asqatasun#15 - Removed commons-httpclient dependency
@dzc34 dzc34 closed this as completed in 0b69213 Jan 14, 2017
dzc34 added a commit to dzc34/Contrast-Finder that referenced this issue Jan 15, 2017
* upgrading-dependencies:
  Fixed Asqatasun#16 - Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel)
  Fixed Asqatasun#15 - Removed commons-httpclient dependency
  Fixed Asqatasun#14 - Upgraded SpringFramework to v3.2.12 and remove spring-asm
  Fixed Asqatasun#13 - Upgraded Apache.HttpComponents HttpClient to v4.3.6
dzc34 added a commit to dzc34/Contrast-Finder that referenced this issue Jan 15, 2017
----------------------
  set version to 0.4.2
  Updated CHANGELOG
  Fixed Asqatasun#16 - Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel)
  Fixed Asqatasun#15 - Removed commons-httpclient dependency
  Fixed Asqatasun#14 - Upgraded SpringFramework to v3.2.12 and remove spring-asm
  Fixed Asqatasun#13 - Upgraded Apache.HttpComponents HttpClient to v4.3.6
  updated CONTRIBUTING.md
  fixed Asqatasun#11 - color contrast falling for links
  fixed Asqatasun#10 - color contrast failing for "the color should be between (...)"
  Dockerfile : typo
  set version to 0.4.2-dev