[
https://issues.apache.org/jira/browse/DRILL-7946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17357123#comment-17357123
]
ASF GitHub Bot commented on DRILL-7946:
---------------------------------------
luocooong opened a new pull request #2250:
URL: https://github.com/apache/drill/pull/2250
# [DRILL-7946](https://issues.apache.org/jira/browse/DRILL-7946): Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
## Description
CVE-2020-13956
Vulnerable versions: < 4.5.13
Patched version: 4.5.13
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to the
library as java.net.URI object and pick the wrong target host for request
execution.
## Documentation
N/A
## Testing
Waiting for the unit tests to pass.
> Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
> --------------------------------------------------------
>
> Key: DRILL-7946
> URL: https://issues.apache.org/jira/browse/DRILL-7946
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Cong Luo
> Assignee: Cong Luo
> Priority: Major
> Fix For: 1.19.0
>
>
> Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret
> malformed authority component in request URIs passed to the library as
> java.net.URI object and pick the wrong target host for request execution.
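
Added example (not part of the pull request or of Drill's code): a check that the bump actually took effect, scanning `mvn dependency:tree` output for HttpClient artifacts older than the fixed versions named in the advisory text above. The Maven coordinates and the sample tree are assumptions constructed for illustration.

```python
import re

# Fixed versions come from the advisory text on this page. The Maven
# coordinates are an assumption (the artifacts' usual ids, not on the page).
FIXED = {
    ("org.apache.httpcomponents", "httpclient"): (4, 5, 13),
    ("org.apache.httpcomponents.client5", "httpclient5"): (5, 0, 3),
}

def parse_coordinate(line):
    """Return (group, artifact, version) from one dependency:tree line, or None."""
    for token in line.split():
        parts = token.split(":")
        # group:artifact:type:version[:scope], or with a classifier before the version
        if 4 <= len(parts) <= 6:
            return parts[0], parts[1], parts[4] if len(parts) == 6 else parts[3]
    return None

def version_tuple(version):
    """Leading numeric part padded to three fields; None if there is none."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return None
    nums = [int(n) for n in m.group(0).split(".")]
    return tuple((nums + [0, 0, 0])[:3])

def audit(tree_output):
    """Return (coordinate, version, verdict) for each HttpClient artifact found."""
    findings = []
    for line in tree_output.splitlines():
        coord = parse_coordinate(line)
        if coord is None or coord[:2] not in FIXED:
            continue
        parsed = version_tuple(coord[2])
        if parsed is None:
            verdict = "unknown"  # non-numeric version: check by hand
        else:
            verdict = "vulnerable" if parsed < FIXED[coord[:2]] else "fixed"
        findings.append((":".join(coord[:2]), coord[2], verdict))
    return findings

# Constructed sample of `mvn dependency:tree` output, not taken from the Drill build.
SAMPLE = """\
[INFO] org.example:demo-app:jar:1.0.0
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
[INFO] |  \\- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] \\- org.apache.httpcomponents.client5:httpclient5:jar:5.0.3:compile
"""
```

Calling `audit()` on the real tree output of every module catches transitive copies that a single top-level version bump does not replace.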