[OFBIZ-6755] Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 15.12.01
Component/s: passport
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

The passport component uses commons-httpclient-3.1. This librairies is not only deprecated but also faces a number of vulnerabilties:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153

The solution is to update to httpclient/core-4.4.1 that we have already in base/lib

Attachments

Issue Links

is duplicated by

OFBIZ-6982 Replace use of commons.http libraries with httpcomponent variant.

Closed

relates to

OFBIZ-6916 Upgrade Axis2 to 1.7.1

Closed

Activity

People

Assignee:: Shi Jinghai

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Dec/15 18:59

Updated:: 13/Apr/16 19:46

Resolved:: 10/Apr/16 06:13