[jira] [Closed] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available

Philipp Ottlinger (Jira) Wed, 22 Dec 2021 14:18:06 -0800


     [ 
https://issues.apache.org/jira/browse/RAT-275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Philipp Ottlinger closed RAT-275.
---------------------------------
    Resolution: Fixed

[~slachiewicz] thanks for the notification. After some changes I do hope that 
RAT is safe use the most modern doxia.

> Update httpclient to fix CVE-2020-13956 once a new doxia-core release is 
> available
> ----------------------------------------------------------------------------------
>
>                 Key: RAT-275
>                 URL: https://issues.apache.org/jira/browse/RAT-275
>             Project: Apache Rat
>          Issue Type: Bug
>    Affects Versions: 0.13, 0.14
>            Reporter: Philipp Ottlinger
>            Assignee: Philipp Ottlinger
>            Priority: Major
>             Fix For: 0.14
>
>
> Once a newer doxia version is available update to it in order to fix:
> [https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906]
> h2. Remediation
> Upgrade {{org.apache.httpcomponents:httpclient}} to version 4.5.13, 5.0.3 or 
> higher.
>  Currently the most up2date doxia uses v4.5.8 of httpclient.
> h2. Update
>  * The branch "update-doxia-tools" tries to update some other outdated 
> components in RAT as well ....
>  * 2021-06-21: Upcoming release of doxia stuff v1.10 ....



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available

Reply via email to