Summary: | jmeter depends on obsolete commons-httpclient library | ||
---|---|---|---|
Product: | JMeter - Now in Github | Reporter: | Markus Koschany <apo> |
Component: | Main | Assignee: | JMeter issues mailing list <issues> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.11 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Markus Koschany
2015-10-21 15:08:57 UTC
JMeter already uses httpcomponents-client; just make sure you use the appropriate HTTP implementation. @sebb I not sure that the issue was an incorrect choice of the HTTP request implementation. I thinks that is to create a jmeter package for a Linux distribution, the maintainer must add dependencies of the HC3.x because JMeter offer the possibility to use HC3 HTTP request implementation. For example Debian : https://packages.debian.org/jessie/jmeter https://packages.debian.org/jessie/libcommons-httpclient-java One minor security issue for HC (3/4) https://security-tracker.debian.org/tracker/source-package/commons-httpclient https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5262 I'm a member of the Debian Java team and we maintain jmeter for Debian. I have reported this bug because we cannot build jmeter without build-depending on commons-httpclient. However we would like to remove commons-httpclient from Debian because it is unmaintained and its upstream developer strongly recommends to switch to httpcomponents-client. Since commons-httpclient was affected by multiple security vulnerabilities in the recent past, we would like to reduce the maintenance burden. We would prefer that jmeter no longer requires to build-depend on commons-httpclient. This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3682 |