The HttpComponents project is pleased to announce 4.3.1 GA release of Apache HttpClient. This is a bug fix release that addresses a number issues reported since release 4.3 including a major regression in the area of SSL security. Due to this regression HttpClient instances created without an explicit hostname verifier perform no hostname verification making SSL/TLS communication potentially vulnerable to man-in-the-middle type of exploits. Please note this regression exists in version 4.3 only and does not affect previous releases in the 4.2 and 4.3 branches.
All users of HttpClient 4.3 are strongly encouraged to upgrade. ------------------- Download - <http://hc.apache.org/downloads.cgi> Release notes - <http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt> HttpComponents site - <http://hc.apache.org/> ------------------- About Apache HttpClient Although the java.net package provides basic functionality for accessing resources via HTTP, it doesn't provide the full flexibility or functionality needed by many applications. HttpClient seeks to fill this void by providing an efficient, up-to-date, and feature-rich package implementing the client side of the most recent HTTP standards and recommendations. Designed for extension while providing robust support for the base HTTP protocol, HttpClient may be of interest to anyone building HTTP-aware client applications such as web browsers, web service clients, or systems that leverage or extend the HTTP protocol for distributed communication. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
