Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-4464

Upgrade httpclient version due to CVE-2020-13956

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • None
    • None

    Description

      According to CVE-2020-13956 https://www.openwall.com/lists/oss-security/2020/10/08/4 ,

      Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
      misinterpret malformed authority component in request URIs passed to
      the library as java.net.URI object and pick the wrong target host for
      request execution.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-17223 update org.apache.httpcomponents:httpclient to 4.5.13 and httpcore to 4.4.13

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved
          links to

          Web Link GitHub Pull Request #1590

          Activity

            People

              szetszwo Tsz-wo Sze
              szetszwo Tsz-wo Sze
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: