[ 
https://issues.apache.org/jira/browse/PIG-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nandor Kollar updated PIG-5302:
-------------------------------
    Attachment: PIG-5302_2.patch

> Remove HttpClient dependency
> ----------------------------
>
>                 Key: PIG-5302
>                 URL: https://issues.apache.org/jira/browse/PIG-5302
>             Project: Pig
>          Issue Type: Bug
>            Reporter: Nandor Kollar
>            Assignee: Nandor Kollar
>         Attachments: PIG-5302_1.patch, PIG-5302_2.patch
>
>
> Pig depends on Apache Commons HttpClient 3.1 which is an old version with 
> security problems 
> ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262])
> Also, Pig depends on Apache HttpComponents (it also needs update to newer 
> version due to similar reason), which is the successor of HttpClient, thus we 
> should remove HttpClient dependency, and update HttpComponents to 4.4+



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to