Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15269

upgrade httpclient to address CVE-2020-13956

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 8.8.1
    • 8.11, 8.10.1
    • security

    Description

      According to CVE-2020-13956 https://nvd.nist.gov/vuln/detail/CVE-2020-13956

      Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.

      Attachments

        1. SOLR-15269.patch
          0.8 kB
          Xiaobin Dai

        Issue Links

          Blocked

          Task - A task that needs to be done. SOLR-15270 upgrade httpclient to address CVE-2020-13956

          • Major - Major loss of function.
          • Resolved
          is related to

          Task - A task that needs to be done. SOLR-15002 Upgrade HttpClient to 4.5.13

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          links to

          Web Link GitHub Pull Request #2579

          Activity

            People

              mdrob Mike Drob
              xiaobai Xiaobin Dai
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1.5h
                  1.5h