[
https://issues.apache.org/jira/browse/HTTPCLIENT-2150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17318594#comment-17318594
]
Michael Osipov edited comment on HTTPCLIENT-2150 at 4/11/21, 9:07 AM:
----------------------------------------------------------------------
Commons Codec 1.12 and above requires Java 8, so this update will not happen in
the 4.x series. You will have to create the dependency in your POM or whatever
build system you use.
was (Author: garydgregory):
Commons Codec 1.12 and above requires Java 7, so this update will not happen in
the 4.x series. You will have to create the dependency in your POM or whatever
build system you use.
> Update to Apache Commons Codec 1.15
> -----------------------------------
>
> Key: HTTPCLIENT-2150
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2150
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCache
> Affects Versions: 4.5.13
> Reporter: Jochen Schalanda
> Priority: Trivial
> Labels: security
>
> Apache HttpClient 4.5.13 currently depends on Apache Commons Codec 1.11 which
> is vulnerable to
> [WS-2019-0379|https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379].
> [https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/pom.xml#L71]
> The issue has been resolved in [Apache Commons Codec
> 1.13|https://commons.apache.org/proper/commons-codec/changes-report.html#a1.13]
> (CODEC-134).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
