[
https://issues.apache.org/jira/browse/JCR-2406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14965031#comment-14965031
]
Emmanuel Bourg commented on JCR-2406:
-------------------------------------
commons-httpclient has security issues (CVE-2015-5262, CVE-2014-3577,
CVE-2012-6153, CVE-2012-5783) and is no longer maintained, the priority should
probably be raised.
> Upgrade httpclient dependency to 4.0
> ------------------------------------
>
> Key: JCR-2406
> URL: https://issues.apache.org/jira/browse/JCR-2406
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-jcr-server, jackrabbit-spi2dav
> Reporter: Sébastien Launay
> Priority: Minor
>
> Httpclient is one of these libs that tends to be pulled by another third
> party lib and often with conflicted versions (in a traditional environment
> contrary to OSGi).
> Upgrading from 3.0 to 4.0 allows applications to use both Jackrabbit and the
> latest release of HttpClient.
> As discussed in JCR-2389, this is a sensitive task as it can introduce
> regression.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
