This turned out to be a relatively smaller task than what I had
previously thought it would be. That's mainly thanks to the way this
whole interaction with the library, in Ivy, has been designed and kept
isolated from majority of the code.
So as of late yesterday, the master branch now uses 4.5.3 of
HttpComponents HttpClient library. Relevant documentation has been
updated to reflect the same. Additional tests have been added to
test/verify the semantics and also verify some of the issues that were
reported in Ivy due to our usage of the older commons-httpclient.
An upstream master build on Jenkins after these commits has gone fine
too. I'm waiting for at least another round of Jenkins job to finish
(for unrelated reasons our jobs haven't triggered given unavailability
of some Jenkins agents/nodes), before I request some of our users on
ivy-user mailing list to give the latest snapshot a try to see if there
are any unforeseen regressions.
-Jaikiran
On 25/07/17 12:37 AM, Nicolas Lalevée wrote:
Le 24 juil. 2017 à 08:19, Jaikiran Pai <jai.forums2...@gmail.com> a écrit :
That's a a big enough reason to move to HttpComponents Client 4.x version! I'll
have that done in this release of Ivy then.
+1
Nicolas
-Jaikiran
On 24/07/17 11:43 AM, Stefan Bodewig wrote:
On 2017-07-24, Jaikiran Pai wrote:
Ivy currently uses commons-httpclient for dealing with HTTP
repositories. This is an internal implementation detail of Ivy. The
way it's implemented, it allows the user to use a version of their
choice, of this library, by placing them in the runtime classpath
(similar to some other libraries we use). The implementation
internally checks for the presence of 2.x as well as 3.x version of
library to decide which version to use at _runtime_ .
Let me point out that even 3.x has long reached end of life. It's
successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any
3.x release that has fixed it AFAIK.
Stefan
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
