[ 
https://issues.apache.org/jira/browse/OOZIE-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496697#comment-15496697
 ] 

Hadoop QA commented on OOZIE-2538:
----------------------------------

Testing JIRA OOZIE-2538

Cleaning local git workspace

----------------------------

{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
.    {color:green}+1{color} the patch does not introduce any @author tags
.    {color:green}+1{color} the patch does not introduce any tabs
.    {color:green}+1{color} the patch does not introduce any trailing spaces
.    {color:green}+1{color} the patch does not introduce any line longer than 
132
.    {color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
.    {color:green}+1{color} the patch does not seem to introduce new RAT 
warnings
{color:green}+1 JAVADOC{color}
.    {color:green}+1{color} the patch does not seem to introduce new Javadoc 
warnings
{color:green}+1 COMPILE{color}
.    {color:green}+1{color} HEAD compiles
.    {color:green}+1{color} patch compiles
.    {color:green}+1{color} the patch does not seem to introduce new javac 
warnings
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.    {color:green}+1{color} the patch does not change any JPA 
Entity/Colum/Basic/Lob/Transient annotations
.    {color:green}+1{color} the patch does not modify JPA files
{color:green}+1 TESTS{color}
.    Tests run: 1804
{color:green}+1 DISTRO{color}
.    {color:green}+1{color} distro tarball builds with the patch 

----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}


The full output of the test-patch run is available at

.   https://builds.apache.org/job/oozie-trunk-precommit-build/3281/

> Update HttpClient versions to close security vulnerabilities
> ------------------------------------------------------------
>
>                 Key: OOZIE-2538
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2538
>             Project: Oozie
>          Issue Type: Bug
>          Components: core
>            Reporter: Abhishek Bafna
>            Assignee: Abhishek Bafna
>             Fix For: 4.3.0
>
>         Attachments: OOZIE-2538-01.patch, OOZIE-2538-02.patch, 
> OOZIE-2538.patch
>
>
> We learned that
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262 : 
> http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents 
> HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting 
> during an SSL handshake, which allows remote attackers to cause a denial of 
> service (HTTPS call hang) via unspecified vectors.
> Also, Commons HttpClient project is now end of life, and is no longer being 
> developed. It has been replaced by the Apache HttpComponents project in its 
> HttpClient and HttpCore modules, which offer better performance and more 
> flexibility.  http://hc.apache.org/httpclient-3.x/
> Hence, HttpClient version should be updated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to