Robert Lazarski created AXIS2-6018:
--------------------------------------
Summary: Axis2 users of old Apache HTTPClient versions and CVE-2012-5785
Key: AXIS2-6018
URL: https://issues.apache.org/jira/browse/AXIS2-6018
Project: Axis2
Issue Type: Improvement
Reporter: Robert Lazarski

This issue is to track an issue already fixed in Axis2 1.8.0; CVE-2012-5785 is
not relevant because it discusses very old versions of Apache HTTPClient from
around 2012.

[https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf]

From Axis2 1.8.0 on, we removed support for Apache HTTPClient 3.x completely.
In the 1.7.x release series, removing Apache HTTPClient 3.x and running only
4.x is possible as explained in AXIS2-5959, but users should still
upgrade to Axis2 1.8.0 anyway.

For Apache HTTPClient 4.x, the link above from 2012 describes problems fixed
many years ago.

All users of Axis2 are encouraged to always run the latest Apache httpcore and
httpclient libs.

The Axis2 1.8.0 release this past August 2021 included Apache httpclient version
4.5.13 in our pom.xml, and there have been no releases of Apache httpclient
since.

Since Axis2 1.8.0, there was a release of Apache httpcore 4.4.15. Users are
encouraged to update their pom.xml to the latest version. The pom.xml in the
Axis2 master branch is up to date.
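
A check for the advice in this message, as an added example that is not part of the original message or of Axis2: it scans a Maven pom.xml for the HttpClient 3.x artifact (commons-httpclient) and for httpclient/httpcore older than the versions named above. The function name, the sample POM, and the use of 4.5.13 and 4.4.15 as minimums are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Floors are the versions named in the message above (assumed here as minimums).
FLOORS = {("org.apache.httpcomponents", "httpclient"): (4, 5, 13),
          ("org.apache.httpcomponents", "httpcore"): (4, 4, 15)}
LEGACY = ("commons-httpclient", "commons-httpclient")  # Maven coordinates of HttpClient 3.x

# Constructed sample POM, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><httpcore.version>4.4.15</httpcore.version></properties>
  <dependencies>
    <dependency><groupId>commons-httpclient</groupId>
      <artifactId>commons-httpclient</artifactId><version>3.1</version></dependency>
    <dependency><groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpclient</artifactId><version>4.2.1</version></dependency>
    <dependency><groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpcore</artifactId><version>${httpcore.version}</version></dependency>
  </dependencies>
</project>"""

def _fields(elem):
    """Child tag -> text, with the POM XML namespace stripped from tag names."""
    return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}

def audit_pom(pom_xml):
    """Return findings for HttpClient-related dependencies declared in one POM."""
    root = ET.fromstring(pom_xml)
    props, findings = {}, []
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "properties":
            props.update(_fields(elem))
    for dep in root.iter():
        if dep.tag.rsplit("}", 1)[-1] != "dependency":
            continue
        f = _fields(dep)
        key = (f.get("groupId"), f.get("artifactId"))
        # Resolve ${name} references against this POM's own <properties>.
        raw = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)),
                     f.get("version", ""))
        num = re.match(r"\d+(?:\.\d+)*", raw)  # ignores suffixes such as -SNAPSHOT
        if key == LEGACY:
            findings.append(f"remove HttpClient 3.x: {key[1]} {raw}")
        elif key in FLOORS and num is None:
            findings.append(f"{key[1]}: version {raw!r} not resolvable in this POM")
        elif key in FLOORS and tuple(map(int, num.group().split("."))) < FLOORS[key]:
            findings.append(f"upgrade {key[1]} {raw} to at least {'.'.join(map(str, FLOORS[key]))}")
    return findings
```

This only sees dependencies declared in the POM it is given; versions inherited from a parent POM or pulled in transitively need the resolved dependency tree instead.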