Posted to dev@jackrabbit.apache.org by GitBox <gi...@apache.org> on 2021/07/02 12:05:56 UTC

[GitHub] [jackrabbit-oak] fabriziofortino opened a new pull request #310: OAK-9482: upgrade httpclient to 4.5.13

fabriziofortino opened a new pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [jackrabbit-oak] fabriziofortino commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
fabriziofortino commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874559057


   @reschke I did not because httpclient 4.5.13 is compiled/tested/released with httpcore 4.4.13 (https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/pom.xml#L69). The latest httpcore will be used in the next release of httpclient.





[GitHub] [jackrabbit-oak] fabriziofortino commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
fabriziofortino commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874615669


   @reschke correct, the update to v 4.5.13 is to avoid the vulnerability you mentioned (https://issues.apache.org/jira/browse/OAK-9482)





[GitHub] [jackrabbit-oak] thomasmueller commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
thomasmueller commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874597854


   Test





[GitHub] [jackrabbit-oak] fabriziofortino merged pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
fabriziofortino merged pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310


   





[GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
reschke removed a comment on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874608667


   See https://www.cvedetails.com/cve/CVE-2020-13956/





[GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
reschke commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874608667


   See https://www.cvedetails.com/cve/CVE-2020-13956/





[GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13

Posted by GitBox <gi...@apache.org>.
reschke commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874638000


   Yep, I misread the CVE.
   
   Anyway; I understand the desire to use this combination, but given the fact that there are bugfixes in httpcore I really do not understand why we wouldn't use it. There's a reason why that release was made.




