Skip to content

OAK-9482: upgrade httpclient to 4.5.13 #310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fabriziofortino merged 3 commits into from
Jul 7, 2021
Merged

OAK-9482: upgrade httpclient to 4.5.13 #310

fabriziofortino merged 3 commits into from
Jul 7, 2021

Conversation

@fabriziofortino
Copy link
Contributor

@fabriziofortino fabriziofortino commented Jul 2, 2021

No description provided.

reschke
reschke requested changes Jul 2, 2021
View reviewed changes
Copy link
Contributor

@reschke reschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should update httpcore as well.

@fabriziofortino
Copy link
Contributor Author

fabriziofortino commented Jul 6, 2021

@reschke I did not because httpclient 4.5.13 is compiled/tested/released with httpcore 4.4.13 (https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/pom.xml#L69). The latest httpcore will be used in the next release of httpclient.

@thomasmueller
Copy link
Member

thomasmueller commented Jul 6, 2021

Test

@thomasmueller thomasmueller self-requested a review July 6, 2021 09:35
@fabriziofortino
Copy link
Contributor Author

fabriziofortino commented Jul 6, 2021

@reschke correct, the update to v 4.5.13 is to avoid the vulnerability you mentioned (https://issues.apache.org/jira/browse/OAK-9482)

@reschke
Copy link
Contributor

reschke commented Jul 6, 2021

Yep, I misread the CVE.

Anyway; I understand the desire to use this combination, but given the fact that there are bugfixes in httpcore I really do not understand why we wouldn't use it, There's a reason why that release was made.

@fabriziofortino fabriziofortino requested a review from reschke July 6, 2021 11:54
@fabriziofortino fabriziofortino merged commit fb6986d into apache:trunk Jul 7, 2021
@fabriziofortino fabriziofortino deleted the OAK-9482 branch July 7, 2021 07:16
Joscorbe pushed a commit to Joscorbe/jackrabbit-oak that referenced this pull request Sep 3, 2021
@fabriziofortino @Joscorbe
OAK-9482: upgrade httpclient to 4.5.13 (apache#310)
b9c4a84 
* OAK-9482: upgrade httpclient to 4.5.13

* OAK-9482: align httpmime to v 4.5.13

* OAK-9482: upgrade httpcore to 4.4.14
reschke pushed a commit that referenced this pull request Mar 20, 2023
@fabriziofortino @reschke
OAK-9482: upgrade httpclient to 4.5.13 (#310)
180e158 
* OAK-9482: upgrade httpclient to 4.5.13

* OAK-9482: align httpmime to v 4.5.13

* OAK-9482: upgrade httpcore to 4.4.14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reschke reschke reschke approved these changes

@thomasmueller thomasmueller thomasmueller approved these changes

@averma21 averma21 averma21 approved these changes

@nit0906 nit0906 Awaiting requested review from nit0906

@tihom88 tihom88 Awaiting requested review from tihom88

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fabriziofortino @thomasmueller @reschke @averma21