[
https://issues.apache.org/jira/browse/HADOOP-10105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15098661#comment-15098661
]
Wei-Chiu Chuang commented on HADOOP-10105:
------------------------------------------
Guys, due to the security vulnerability issue CVE-2012-5783
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5783, I would highly
suggest that we move away from commons-httpclient. At this point, there are
still a few uncommitted piece.
Thanks!
> remove httpclient dependency
> ----------------------------
>
> Key: HADOOP-10105
> URL: https://issues.apache.org/jira/browse/HADOOP-10105
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Colin Patrick McCabe
> Assignee: Akira AJISAKA
> Priority: Minor
> Attachments: HADOOP-10105.2.patch, HADOOP-10105.part.patch,
> HADOOP-10105.part2.patch, HADOOP-10105.patch
>
>
> httpclient is now end-of-life and is no longer being developed. Now that we
> have a dependency on {{httpcore}}, we should phase out our use of the old
> discontinued {{httpclient}} library in Hadoop. This will allow us to reduce
> {{CLASSPATH}} bloat and get updated code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
