Posted to commits@karaf.apache.org by GitBox <gi...@apache.org> on 2020/10/21 08:47:13 UTC

[GitHub] [karaf] Sachpat opened a new pull request #1243: Update httpclient.version to 4.5.13 to address CVE-2020-13956.

Sachpat opened a new pull request #1243:
URL: https://github.com/apache/karaf/pull/1243


   As per https://bugzilla.redhat.com/show_bug.cgi?id=1886587, http.client libraries below version 4.5.13 have the vulnerability CVE-2020-13956. As Karaf 4.2.x rebundles http.client (4.5.6) classes, as seen at https://github.com/apache/karaf/blob/karaf-4.2.10/jaas/modules/pom.xml#L180, this makes it vulnerable, and hence our security scans are detecting it as a vulnerable library. Hence updating the httpclient.version to 4.5.13.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [karaf] skitt commented on pull request #1243: Update httpclient.version to 4.5.13 to address CVE-2020-13956.

Posted by GitBox <gi...@apache.org>.
skitt commented on pull request #1243:
URL: https://github.com/apache/karaf/pull/1243#issuecomment-713498407


   Merged and backported to 4.2.x, thanks!





[GitHub] [karaf] skitt merged pull request #1243: Update httpclient.version to 4.5.13 to address CVE-2020-13956.

Posted by GitBox <gi...@apache.org>.
skitt merged pull request #1243:
URL: https://github.com/apache/karaf/pull/1243


   





[GitHub] [karaf] Sachpat commented on pull request #1243: Update httpclient.version to 4.5.13 to address CVE-2020-13956.

Posted by GitBox <gi...@apache.org>.
Sachpat commented on pull request #1243:
URL: https://github.com/apache/karaf/pull/1243#issuecomment-713506832


   Thanks for the quick merge @skitt :) 

