[OFBIZ-6755] Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1 - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 15.12.01
Component/s: passport
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

The passport component uses commons-httpclient-3.1. This librairies is not only deprecated but also faces a number of vulnerabilties:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153

The solution is to update to httpclient/core-4.4.1 that we have already in base/lib

Attachments

Issue Links

Add Link

is duplicated by

OFBIZ-6982 Replace use of commons.http libraries with httpcomponent variant.

Closed

Delete this link

relates to

OFBIZ-6916 Upgrade Axis2 to 1.7.1

Closed

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Shi Jinghai

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Dec/15 18:59

Updated:: 13/Apr/16 19:46

Resolved:: 10/Apr/16 06:13

Agile

Completed Sprint:: Bug Crush Event - 21/2/2015 ended 26/Feb/15

View on Board

Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment