Le 11/09/2015 15:12, Guido Günther a écrit : > Please see https://bugzilla.redhat.com/show_bug.cgi?id=1259892
Thank you for the report Guido. A hanging connection is certainly annoying but I fail to understand why it's flagged as a security vulnerability. Note that according to HTTPCLIENT-1478 [1] this was completely fixed in the version 4.3.6. So if this is really a security issue the httpcomponents-client package in stable and oldstable is also affected. [1] https://issues.apache.org/jira/browse/HTTPCLIENT-1478 __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.