Uploaded image for project: 'Maven Doxia'
  1. Maven Doxia
  2. DOXIA-615

Upgrade HttpClient to 4.5.13

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.6, 1.9.1
    • 1.10
    • Core
    • None

    Description

      https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956

      Over at RAT we do use doxia-core and just got a security report (RAT-275) that doxia uses a problematic version of httpclient.

      Can you update to a more recent version and provide a new release?

      Thanks

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. RAT-275 Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available

          • Major - Major loss of function.
          • Closed

          Activity

            People

              elharo Elliotte Rusty Harold
              pottlinger Philipp Ottlinger
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: