[
https://issues.apache.org/jira/browse/SENTRY-1446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergio Peña updated SENTRY-1446:
--------------------------------
Fix Version/s: (was: 1.8.0)
2.0.0
Moving all unresolved jiras with fix version 1.8.0 to 2.0.0. Please change the
fix version if you intend to make it into 1.8.0 release.
> Upgrade httpmime (Sentry) to 4.3.6 or greater.
> ----------------------------------------------
>
> Key: SENTRY-1446
> URL: https://issues.apache.org/jira/browse/SENTRY-1446
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Affects Versions: 1.8.0
> Reporter: Anne Yu
> Fix For: 2.0.0
>
>
> http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents
> HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting
> during an SSL handshake, which allows remote attackers to cause a denial of
> service (HTTPS call hang) via unspecified vectors.
> Upgrade to 4.3.6 or greater.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
