On 6 August 2014 06:46, Ruchika Mahajan <[email protected]> wrote: > Thanks Oleg. > S, does that mean the only solution for removing this vulnerability is to > upgrade HC 3.1 to 4.x.
That is one solution. The source for HC 3.1 is available, so you can apply your own fixes if you wish. However there are many other fixes, so that should probably only be considered as a short-term measure. > Thanks in Advance. > > BR, > Ruchika > > > On Tue, Aug 5, 2014 at 1:52 PM, Oleg Kalnichevski <[email protected]> wrote: > >> On Tue, 2014-08-05 at 13:00 +0530, Ruchika Mahajan wrote: >> > Hi, >> > >> > We are using "*commons-httpclient-3.1.jar*" in our project and observed >> > "CVE-2012-5783" vulnerability in it. >> > Do we have any update or patch for commons-httpclient-3.x jar for >> removing >> > this vulnerability. >> > >> > BR, >> > Ruchika >> >> HC 3.1 is at end of life since Jan 2011. It is no longer supported or >> updated. >> >> Oleg >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
