Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Pig depends on Apache Commons HttpClient 3.1 which is an old version with security problems (CVE-2015-5262)
Also, Pig depends on Apache HttpComponents (it also needs update to newer version due to similar reason), which is the successor of HttpClient, thus we should remove HttpClient dependency, and update HttpComponents to 4.4+