You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Laurent Goujon (Jira)" <ji...@apache.org> on 2021/06/04 21:21:00 UTC

[jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956

     [ https://issues.apache.org/jira/browse/DRILL-7946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laurent Goujon resolved DRILL-7946.
-----------------------------------
    Resolution: Fixed

> Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
> --------------------------------------------------------
>
>                 Key: DRILL-7946
>                 URL: https://issues.apache.org/jira/browse/DRILL-7946
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Cong Luo
>            Assignee: Cong Luo
>            Priority: Major
>             Fix For: 1.19.0
>
>
> Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)