Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/04/10 19:23:25 UTC

[jira] [Comment Edited] (OFBIZ-6755) Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1

    [ https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15234203#comment-15234203 ] 

Jacques Le Roux edited comment on OFBIZ-6755 at 4/10/16 5:22 PM:
-----------------------------------------------------------------

At revision: 1738443, I had to revert the changes in SolrUtil.java which slipped in with r1738407. It was unrelated to the passport fix and should not have been committed with it and then backported.


was (Author: jacques.le.roux):
I had to revert the changes in SolrUtil.java which slipped in with r1738407. It was unrelated to the passport fix and should not have been committed with it and then backported.

> Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1
> --------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-6755
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6755
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/passport
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Shi Jinghai
>             Fix For: Upcoming Branch, 15.12.01
>
>
> The passport component uses commons-httpclient-3.1. This library is not only deprecated but also faces a number of vulnerabilities:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153
> The solution is to update to httpclient/core-4.4.1 that we already have in base/lib.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)