[jira] [Commented] (RAT-275) Update httpclient to fix CVE once a new doxia-core release is available

ASF subversion and git services (Jira) Sun, 11 Oct 2020 00:49:37 -0700


    [ 
https://issues.apache.org/jira/browse/RAT-275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17211844#comment-17211844
 ]


ASF subversion and git services commented on RAT-275:
-----------------------------------------------------

Commit eb61a08ef99489d21d79320ce3bf068573c59ea7 in creadur-rat's branch 
refs/heads/master from Hugo Hirsch
[ https://gitbox.apache.org/repos/asf?p=creadur-rat.git;h=eb61a08 ]

RAT-275: Update to latest available doxia-core, does not fix httpclient problem 
yet


> Update httpclient to fix CVE once a new doxia-core release is available
> -----------------------------------------------------------------------
>
>                 Key: RAT-275
>                 URL: https://issues.apache.org/jira/browse/RAT-275
>             Project: Apache Rat
>          Issue Type: Bug
>    Affects Versions: 0.13, 0.14
>            Reporter: Philipp Ottlinger
>            Priority: Major
>
> Once a newer doxia version is available update to it in order to fix:
> [https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906]
> h2. Remediation
> Upgrade {{org.apache.httpcomponents:httpclient}} to version 4.5.13, 5.0.3 or 
> higher.
>  
> Currently the most up2date doxia uses v4.5.8 of httpclient.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RAT-275) Update httpclient to fix CVE once a new doxia-core release is available

Reply via email to