[ 
https://issues.apache.org/jira/browse/AXIS2-5996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17299746#comment-17299746
 ] 

Robert Lazarski commented on AXIS2-5996:
----------------------------------------

Joseph, you can simply drop in the latest jar into Maven for the 1.7.9 release:

<dependency>
  <groupId>org.apache.httpcomponents</groupId>
  <artifactId>httpclient</artifactId>
  <version>4.5.13</version>
</dependency>

We have an open thread on the dev mailing list concerning the next release. 
There are still some outstanding items.

About the release, sooner rather than later as we'd like to get these 
vulnerabilities patched in our user base asap. 

 

> Axis contains a vulnerable dependency
> -------------------------------------
>
>                 Key: AXIS2-5996
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5996
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.7.9
>            Reporter: Joseph
>            Priority: Major
>              Labels: security
>
> Axis 2 is dependent on Apache Client 4.5.3 which is vulnerable to 
> CVE-2020-13956 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
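
Added example, not part of the original thread or of the Axis2 project: one way to confirm that the override from the comment took effect is to scan `mvn dependency:tree` output for any httpclient resolved below 4.5.13. The sample tree, the `com.example:soap-client` project and all function names are constructed for illustration.

```python
import re

# Coordinates and minimum version taken from the comment in this thread.
TARGET = ("org.apache.httpcomponents", "httpclient")
MIN_VERSION = (4, 5, 13)

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = """\
[INFO] com.example:soap-client:jar:1.0.0
[INFO] +- org.apache.axis2:axis2-transport-http:jar:1.7.9:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.3:compile
[INFO] |  \\- org.apache.httpcomponents:httpcore:jar:4.4.6:compile
[INFO] \\- commons-logging:commons-logging:jar:1.2:compile
"""


def parse_coords(line):
    """Return (groupId, artifactId, version) for a dependency line, else None."""
    text = re.sub(r"^\[INFO\]\s*", "", line).lstrip("|+-\\ ").strip()
    parts = text.split(":")
    # Dependency lines are group:artifact:type[:classifier]:version:scope.
    # The root project line has no scope (4 fields) and is skipped.
    if len(parts) < 5:
        return None
    return parts[0], parts[1], parts[-2]


def version_key(version):
    """Numeric tuple so 4.5.3 sorts below 4.5.13 (string comparison gets this wrong)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def find_outdated(tree_text):
    """List every resolved httpclient version older than MIN_VERSION."""
    findings = []
    for line in tree_text.splitlines():
        coords = parse_coords(line)
        if coords and coords[:2] == TARGET and version_key(coords[2]) < MIN_VERSION:
            findings.append(coords[2])
    return findings


if __name__ == "__main__":
    for version in find_outdated(SAMPLE_TREE):
        print(f"httpclient {version} is older than 4.5.13")
```
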
