You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "alicejli (via GitHub)" <gi...@apache.org> on 2023/02/06 14:28:17 UTC

[GitHub] [httpcomponents-client] alicejli opened a new pull request, #411: Update Apache Commons Codec from 1.11 to 1.15.

alicejli opened a new pull request, #411:
URL: https://github.com/apache/httpcomponents-client/pull/411

   There was a vulnerability found with commons-codec (https://sca.analysiscenter.veracode.com/vulnerability-database/security/sca/vulnerability/sid-22742/summary) that was fixed in v1.13.  
   The latest version is 1.15 so I've updated the dependency to the latest.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[GitHub] [httpcomponents-client] alicejli commented on pull request #411: Update Apache Commons Codec from 1.11 to 1.15.

Posted by "alicejli (via GitHub)" <gi...@apache.org>.

alicejli commented on PR #411:
URL: https://github.com/apache/httpcomponents-client/pull/411#issuecomment-1419788638

   Thank you for clarifying - that makes sense.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[GitHub] [httpcomponents-client] ok2c commented on pull request #411: Update Apache Commons Codec from 1.11 to 1.15.

Posted by "ok2c (via GitHub)" <gi...@apache.org>.

ok2c commented on PR #411:
URL: https://github.com/apache/httpcomponents-client/pull/411#issuecomment-1419700281

   @alicejli We cannot upgrade HttpClient 4.5.x to the latest Commons Codec version due to Java 1.6 compatibility. Commons folks did not consider the security issue severe enough to warrant a release of Commons Codec compatible with Java 1.6. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[GitHub] [httpcomponents-client] ok2c closed pull request #411: Update Apache Commons Codec from 1.11 to 1.15.

Posted by "ok2c (via GitHub)" <gi...@apache.org>.

ok2c closed pull request #411: Update Apache Commons Codec from 1.11 to 1.15.
URL: https://github.com/apache/httpcomponents-client/pull/411


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[GitHub] [httpcomponents-client] suztomo commented on pull request #411: Update Apache Commons Codec from 1.11 to 1.15.

Posted by "suztomo (via GitHub)" <gi...@apache.org>.

suztomo commented on PR #411:
URL: https://github.com/apache/httpcomponents-client/pull/411#issuecomment-1419665045

   You talked about Java 6 compatibility. Can you write down findings here?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org