[jira] [Comment Edited] (OFBIZ-6755) Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15234203#comment-15234203 ]

Jacques Le Roux edited comment on OFBIZ-6755 at 4/10/16 5:22 PM:
-----------------------------------------------------------------

At revision: 1738443, I had to revert the changes in SolrUtil.java which slipped in with r1738407. It was unrelated to the passport fix and should not have been committed with it and then backported.


was (Author: jacques.le.roux):
I had to revert the changes in SolrUtil.java which slipped in with r1738407. It was unrelated to the passport fix and should not have been committed with it and then backported.

> Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1
> --------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-6755
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6755
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/passport
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Shi Jinghai
>             Fix For: Upcoming Branch, 15.12.01
>
>
> The passport component uses commons-httpclient-3.1. This library is not only deprecated but also faces a number of vulnerabilities:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153
> The solution is to update to httpclient/core-4.4.1, which we already have in base/lib.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)