Folks, I overreacted. This bug is NOT a release blocker and will not delay the final release of HttpClient 3.0.
The bug does not affect any of the official releases of HttpClient. It only affects a few nightly builds and ONLY when the preemptive authentication is used, which is a really bad idea from the security standpoint. For details see: http://issues.apache.org/bugzilla/show_bug.cgi?id=37345 Oleg On Thu, 2005-11-03 at 14:24 +0100, Michael Schaefer wrote: > > On Thu, Nov 03, 2005 at 01:59:09PM +0100, Michael Schaefer wrote: > > >> Hi, > > [...] > >> show that the proxy credentials are also transmitted to the remote host > >> through the CONNECT-tunnel, thus disclosing sensitive information to the > >> remote host. > > > Michael, > > Please file a bug report. This is a critical bug and a release blocker > > Filed as Bug 37345. > http://issues.apache.org/bugzilla/show_bug.cgi?id=37345 > > best wishes, > Michael > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
