Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2021/06/04 07:35:12 UTC
[GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
luocooong opened a new pull request #2250:
URL: https://github.com/apache/drill/pull/2250
# [DRILL-7946](https://issues.apache.org/jira/browse/DRILL-7946): Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
## Description
CVE-2020-13956
Vulnerable versions: < 4.5.13
Patched version: 4.5.13
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
## Documentation
N/A
## Testing
Waiting for the unit tests to pass.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
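A version bump in one `pom.xml` does not help if another dependency still pulls in an older HttpClient transitively. The following check over `mvn dependency:tree` text output is an added example, not code from this pull request or from Drill; the sample tree is constructed, and the `httpclient5` Maven coordinates are an assumption (the description above names only the versions 4.5.13 and 5.0.3).

```python
# Audit `mvn dependency:tree` text output for HttpClient versions affected by
# CVE-2020-13956 (added example; not part of the pull request).
PATCHED = {
    # First patched versions, as named in the PR description.
    "org.apache.httpcomponents:httpclient": (4, 5, 13),
    # Assumption: coordinates of the 5.x client (the page gives only "5.0.3").
    "org.apache.httpcomponents.client5:httpclient5": (5, 0, 3),
}

def version_tuple(version):
    """'4.5.12' -> (4, 5, 12); qualifiers such as '-SNAPSHOT' are ignored."""
    nums = [int(p) for p in version.split("-")[0].split(".") if p.isdigit()]
    return tuple(nums + [0] * (3 - len(nums)))

def find_vulnerable(tree_text):
    """Return (coordinate, version) for each tracked artifact below its patched version."""
    hits = []
    for line in tree_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        # Last token holds group:artifact:type[:classifier]:version:scope
        parts = tokens[-1].split(":")
        if len(parts) not in (5, 6):
            continue  # project root line, log noise, etc.
        coordinate = parts[0] + ":" + parts[1]
        version = parts[-2]
        patched = PATCHED.get(coordinate)
        if patched and version_tuple(version) < patched:
            hits.append((coordinate, version))
    return hits

# Constructed sample: HttpClient 4.5.12 arrives through a hypothetical
# third-party artifact rather than a direct dependency.
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:jar:1.0
[INFO] +- com.example:legacy-connector:jar:2.3:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
[INFO] |     \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] \- org.apache.httpcomponents.client5:httpclient5:jar:5.0.3:compile
"""

if __name__ == "__main__":
    for coordinate, version in find_vulnerable(SAMPLE_TREE):
        print(f"VULNERABLE {coordinate}:{version}")
```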
[GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Posted by GitBox <gi...@apache.org>.
laurentgo merged pull request #2250:
URL: https://github.com/apache/drill/pull/2250
[GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Posted by GitBox <gi...@apache.org>.
luocooong commented on pull request #2250:
URL: https://github.com/apache/drill/pull/2250#issuecomment-855021048
@cgivre Great. Thanks for your suggestion! I almost forgot the `okhttp` library.
[GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Posted by GitBox <gi...@apache.org>.
cgivre commented on pull request #2250:
URL: https://github.com/apache/drill/pull/2250#issuecomment-854913769
@luocooong
Thanks for this PR. I'm fine with merging this as is, but in the future would we want to consider migrating to `okhttp`?