You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@predictionio.apache.org by Javad Maharramzade <jm...@modusoperandi.com.INVALID> on 2020/06/17 14:32:53 UTC

predictionio-sdk-java-client OWASP vulnerability

Hello PredictionIO Developers,

 

Thank you for the amazing product. For predictionio-sdk-java-client
(https://github.com/apache/predictionio-sdk-java), any plans to switch to
using the new Async Http Client library
(https://github.com/AsyncHttpClient/async-http-client)? The module is still
using the old discontinued "ning" implementation
(https://github.com/ning/async-http-client), and unfortunately there is an
OWASP vulnerability associated with it (see
https://nvd.nist.gov/vuln/detail/CVE-2017-14063).

 

Thanks,

 

Javad Maharramzade

Lead Software Engineer

MODUS OPERANDI, INC.

 

O . 321.473.1422

 

 <ma...@modusoperandi.com> jmaharramzade@modusoperandi.com

 <http://www.modusoperandi.com/> www.modusoperandi.com