Posted to dev@creadur.apache.org by "Philipp Ottlinger (Jira)" <ji...@apache.org> on 2021/06/21 19:55:00 UTC

[jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available

     [ https://issues.apache.org/jira/browse/RAT-275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Philipp Ottlinger updated RAT-275:
----------------------------------
    Description: 
Once a newer doxia version is available, update to it in order to fix:

[https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906]
h2. Remediation

Upgrade {{org.apache.httpcomponents:httpclient}} to version 4.5.13, 5.0.3 or higher.

 Currently the most up-to-date doxia uses v4.5.8 of httpclient.
h2. Update
 * The branch "update-doxia-tools" tries to update some other outdated components in RAT as well ....
 * 2021-06-21: Upcoming release of doxia stuff v1.10 ....

  was:
Once a newer doxia version is available, update to it in order to fix:

[https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906]
h2. Remediation

Upgrade {{org.apache.httpcomponents:httpclient}} to version 4.5.13, 5.0.3 or higher.

 Currently the most up-to-date doxia uses v4.5.8 of httpclient.

 

The branch "update-doxia-tools" tries to update some other outdated components in RAT as well ....


> Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available
> ----------------------------------------------------------------------------------
>
>                 Key: RAT-275
>                 URL: https://issues.apache.org/jira/browse/RAT-275
>             Project: Apache Rat
>          Issue Type: Bug
>    Affects Versions: 0.13, 0.14
>            Reporter: Philipp Ottlinger
>            Priority: Major
>
> Once a newer doxia version is available, update to it in order to fix:
> [https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906]
> h2. Remediation
> Upgrade {{org.apache.httpcomponents:httpclient}} to version 4.5.13, 5.0.3 or higher.
>  Currently the most up-to-date doxia uses v4.5.8 of httpclient.
> h2. Update
>  * The branch "update-doxia-tools" tries to update some other outdated components in RAT as well ....
>  * 2021-06-21: Upcoming release of doxia stuff v1.10 ....



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
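
An added example, not part of the ticket or of Apache Rat: a check that reads `mvn dependency:tree` text output and reports every `org.apache.httpcomponents:httpclient` below the fixed releases named above (4.5.13, 5.0.3), together with the dependency chain that pulls it in. The sample tree, the `example:*` coordinates and the doxia-core version string are constructed for illustration.

```python
import re

# Fixed releases named in the ticket: 4.5.13 on the 4.x line, 5.0.3 on the 5.x line.
FIXED = {4: (4, 5, 13), 5: (5, 0, 3)}
TARGET = "org.apache.httpcomponents:httpclient"
# "[INFO] " + tree drawing (3 characters per level) + group:artifact:type[:classifier]:version[:scope]
LINE = re.compile(r"^\[INFO\] (?P<indent>[ |+\\-]*)(?P<gav>[^\s:]+(?::[^\s:]+){3,5})\s*$")

def parse_version(text):
    """Numeric prefix of a Maven version: '4.5.8' -> (4, 5, 8), '5.1' -> (5, 1, 0)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def is_vulnerable(version):
    v = parse_version(version)
    if v[0] < 4:                      # older than every fixed release
        return True
    fixed = FIXED.get(v[0])           # majors above 5 count as "or higher"
    return fixed is not None and v < fixed

def find_vulnerable(tree_text):
    """Return (version, dependency chain) for each httpclient below the fix."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        depth = len(m["indent"]) // 3
        parts = m["gav"].split(":")
        ga = ":".join(parts[:2])
        version = parts[3] if len(parts) <= 5 else parts[4]  # 6 parts: classifier present
        del stack[depth:]             # drop siblings and deeper nodes
        stack.append(ga)
        if ga == TARGET and is_vulnerable(version):
            hits.append((version, list(stack)))
    return hits

# Constructed sample output; coordinates other than httpclient are placeholders.
SAMPLE_TREE = r"""
[INFO] example:site-build:jar:1.0
[INFO] +- org.apache.maven.doxia:doxia-core:jar:0.0-SAMPLE:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:4.5.8:compile
[INFO] \- example:other-lib:jar:2.0:compile
[INFO]    \- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
"""

if __name__ == "__main__":
    for version, chain in find_vulnerable(SAMPLE_TREE):
        print(f"httpclient {version} via " + " -> ".join(chain))
```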