Uploaded image for project: 'Apache Rat'
  1. Apache Rat
  2. RAT-275

Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.13, 0.14
    • 0.14
    • None
    • None

    Description

      Once a newer doxia version is available update to it in order to fix:

      https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906

      Remediation

      Upgrade org.apache.httpcomponents:httpclient to version 4.5.13, 5.0.3 or higher.

       Currently the most up2date doxia uses v4.5.8 of httpclient.

      Update

      • The branch "update-doxia-tools" tries to update some other outdated components in RAT as well ....
      • 2021-06-21: Upcoming release of doxia stuff v1.10 ....

      Attachments

        Issue Links

          is blocked by

          Dependency upgrade - Upgrading a dependency to a newer version DOXIA-615 Upgrade HttpClient to 4.5.13

          • Major - Major loss of function.
          • Closed

          Activity

            People

              pottlinger Philipp Ottlinger
              pottlinger Philipp Ottlinger
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: