Old http client library with known vulnerability used in implementation

The library pulls in commons-httpclient 3.1 which has a known vulnerability making it possible to spoof SSL servers, see https://access.redhat.com/security/cve/CVE-2012-5783 for details. Should be replaced with something that does not have a known vulnerability. (e.g org.apache.httpcomponents:httpclient)
