Xiaobin Dai created SOLR-15270:
----------------------------------
Summary: upgrade httpclient to address CVE-2020-13956
Key: SOLR-15270
URL: https://issues.apache.org/jira/browse/SOLR-15270
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Affects Versions: 8.8.1
Reporter: Xiaobin Dai
According to CVE-2020-13956 [https://nvd.nist.gov/vuln/detail/CVE-2020-13956]
{code:java}
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
