Robert Lazarski created AXIS2-6018:
--------------------------------------

             Summary: Axis2 users of old Apache HTTPClient versions and CVE-2012-5785
                 Key: AXIS2-6018
                 URL: https://issues.apache.org/jira/browse/AXIS2-6018
             Project: Axis2
          Issue Type: Improvement
            Reporter: Robert Lazarski


This issue is to track an issue already fixed in Axis2 1.8.0; CVE-2012-5785 is 
not relevant because it discusses very old versions of Apache HTTPClient from 
around 2012. 

[https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf]

From Axis2 1.8.0 on, we removed support for Apache HTTPClient 3.x completely.

In the 1.7.x release series, removing Apache HTTPClient 3.x and running only 
4.x is possible as explained in AXIS2-5959, but users should still upgrade to 
Axis2 1.8.0 anyway.

For Apache HTTPClient 4.x, the link above from 2012 describes problems fixed 
many years ago.

All users of Axis2 are encouraged to always run the latest Apache httpcore and 
httpclient libs.

The Axis2 1.8.0 release this past August 2021 included Apache httpclient 
version 4.5.13 in our pom.xml, and there have been no releases of Apache 
httpclient since.

Since Axis2 1.8.0, there was a release of Apache httpcore 4.4.15. Users are 
encouraged to update their pom.xml to the latest version. The pom.xml in the 
Axis2 master branch is up to date.
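The check below is an added example, not part of the original message or of the Axis2 project: it reads `mvn dependency:list` output and flags HTTPClient 3.x on the classpath and any Axis2, httpclient or httpcore version older than the ones named in the message. The sample input is constructed, and the Maven coordinates used for the lookups (`commons-httpclient:commons-httpclient` for 3.x, `org.apache.httpcomponents` for 4.x, `axis2-kernel` as the Axis2 marker) are assumptions about the project being audited.

```python
import re

# Minimum versions taken from the message above.
MINIMUM = {
    ("org.apache.axis2", "axis2-kernel"): (1, 8, 0),
    ("org.apache.httpcomponents", "httpclient"): (4, 5, 13),
    ("org.apache.httpcomponents", "httpcore"): (4, 4, 15),
}
# Maven coordinates of the HTTPClient 3.x line (support removed in Axis2 1.8.0).
LEGACY = ("commons-httpclient", "commons-httpclient")

# Constructed sample of `mvn dependency:list` output, not from a real build.
SAMPLE = """\
[INFO]    org.apache.axis2:axis2-kernel:jar:1.7.9:compile
[INFO]    commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO]    org.apache.httpcomponents:httpclient:jar:4.5.3:compile
[INFO]    org.apache.httpcomponents:httpcore:jar:4.4.15:compile
[INFO] BUILD SUCCESS
"""

def parse(line):
    """Return (group, artifact, version) for a dependency line, else None."""
    tokens = line.replace("[INFO]", "").split()
    if not tokens:
        return None
    parts = tokens[0].split(":")
    # group:artifact:type:version:scope, with an optional classifier before version
    if len(parts) not in (5, 6):
        return None
    return parts[0], parts[1], parts[-2]

def as_tuple(version):
    """Turn '4.5.13' (or '4.5.13-SNAPSHOT') into (4, 5, 13) for comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def audit(text):
    """List (artifact, version, reason) for every dependency that needs attention."""
    findings = []
    for line in text.splitlines():
        dep = parse(line)
        if dep is None:
            continue
        group, artifact, version = dep
        if (group, artifact) == LEGACY:
            findings.append((artifact, version, "HTTPClient 3.x still on the classpath"))
        floor = MINIMUM.get((group, artifact))
        if floor and as_tuple(version) < floor:
            findings.append((artifact, version, "below " + ".".join(map(str, floor))))
    return findings
```

Feed it the real output of `mvn dependency:list` for the application, so that transitive dependencies are covered as well as those declared directly in pom.xml.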