[
https://issues.apache.org/jira/browse/HTTPCLIENT-1888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16326594#comment-16326594
]
Benjamin Muschko commented on HTTPCLIENT-1888:
----------------------------------------------
It would be good to get a new version so we can avoid shipping Gradle with a
security vulnerability. For more information, see
[https://github.com/gradle/gradle/issues/3859.] That's the main reason why we
are planning to upgrade.
> NullPointerException in SystemDefaultCredentialsProvider.getCredentials when
> AuthScope.orgin is null
> ----------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1888
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1888
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.5.4
> Reporter: Collin Peters
> Priority: Critical
> Fix For: 4.5.5, 4.6 Alpha1
>
>
> 4.5.4 has the following line in
> [SystemDefaultCredentialsProvider|https://github.com/apache/httpcomponents-client/blob/4.5.4/httpclient/src/main/java/org/apache/http/impl/client/SystemDefaultCredentialsProvider.java#L114]
> {code}
> final String protocol = origin != null ? origin.getSchemeName() :
> (origin.getPort() == 443 ? "https" : "http");
> {code}
> So 'origin' is still accessed when it is determined that it is null.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
