You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by GitBox <gi...@apache.org> on 2021/07/02 12:05:56 UTC
[GitHub] [jackrabbit-oak] fabriziofortino opened a new pull request #310: OAK-9482: upgrade httpclient to 4.5.13
fabriziofortino opened a new pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] fabriziofortino commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
fabriziofortino commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874559057
@reschke I did not because httpclient 4.5.13 is compiled/tested/released with httpcore 4.4.13 (https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/pom.xml#L69). The latest httpcore will be used in the next release of httpclient.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] fabriziofortino commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
fabriziofortino commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874615669
@reschke correct, the update to v 4.5.13 is to avoid the vulnerability you mentioned (https://issues.apache.org/jira/browse/OAK-9482)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] thomasmueller commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
thomasmueller commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874597854
Test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] fabriziofortino merged pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
fabriziofortino merged pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
reschke removed a comment on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874608667
See https://www.cvedetails.com/cve/CVE-2020-13956/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
reschke commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874608667
See https://www.cvedetails.com/cve/CVE-2020-13956/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
reschke removed a comment on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874608667
See https://www.cvedetails.com/cve/CVE-2020-13956/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] fabriziofortino commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
fabriziofortino commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874559057
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
reschke commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874608667
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
reschke commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874638000
Yep, I misread the CVE.
Anyway; I understand the desire to use this combination, but given the fact that there are bugfixes in httpcore I really do not understand why we wouldn't use it, There's a reason why that release was made.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit-oak] thomasmueller commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Posted by GitBox <gi...@apache.org>.
thomasmueller commented on pull request #310:
URL: https://github.com/apache/jackrabbit-oak/pull/310#issuecomment-874597854
Test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org