[
https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223886#comment-15223886
]
Shi Jinghai commented on OFBIZ-6755:
------------------------------------
Hi Jacques,
Let me test the changes now. I'll feed back in one hour.
-----邮件原件-----
发件人: Jacques Le Roux (JIRA) [mailto:[email protected]]
发送时间: 2016年4月4日 17:41
收件人: [email protected]
主题: [jira] [Commented] (OFBIZ-6755) Update the passport component to use
httpclient/core-4.4.1 instead of commons-httpclient-3.1
[
https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223879#comment-15223879
]
Jacques Le Roux commented on OFBIZ-6755:
----------------------------------------
Hi Jinghai,
I'd like to backport r1735021 (and 1736890) in R15.12, what do you think?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
> Update the passport component to use httpclient/core-4.4.1 instead of
> commons-httpclient-3.1
> --------------------------------------------------------------------------------------------
>
> Key: OFBIZ-6755
> URL: https://issues.apache.org/jira/browse/OFBIZ-6755
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/passport
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Shi Jinghai
> Fix For: Upcoming Branch
>
>
> The passport component uses commons-httpclient-3.1. This librairies is not
> only deprecated but also faces a number of vulnerabilties:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153
> The solution is to update to httpclient/core-4.4.1 that we have already in
> base/lib
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
