Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-6916

Upgrade Axis2 to 1.7.1

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Trunk
    • 14.12.01, 13.07.03, 16.11.01
    • framework
    • None
    • Bug Crush Event - 21/2/2015

    Description

      With OFBIZ-5801 I recently upgraded Axis2 to 1.6.3. But it still uses commons-httpclient-3.1 which is not only deprecated but also faces a number of vulnerabilties:

      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153

      This will also help to resolve OFBIZ-6755 (passport component)

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. OFBIZ-6982 Replace use of commons.http libraries with httpcomponent variant.

          • Major - Major loss of function.
          • Closed
          is related to

          Sub-task - The sub-task of the issue OFBIZ-6755 Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: