Posted to dev@pig.apache.org by "Adam Szita (JIRA)" <ji...@apache.org> on 2017/11/09 09:09:00 UTC

[jira] [Commented] (PIG-5302) Remove HttpClient dependency

    [ https://issues.apache.org/jira/browse/PIG-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16245403#comment-16245403 ] 

Adam Szita commented on PIG-5302:
---------------------------------

There looks to be a lot of unused / old copy-pasted entries in our ivy file. Thanks for your efforts to clean this up, [^PIG-5302_3.patch] looks good to me, +1 pending that all unit tests pass.

> Remove HttpClient dependency
> ----------------------------
>
>                 Key: PIG-5302
>                 URL: https://issues.apache.org/jira/browse/PIG-5302
>             Project: Pig
>          Issue Type: Bug
>            Reporter: Nandor Kollar
>            Assignee: Nandor Kollar
>         Attachments: PIG-5302_1.patch, PIG-5302_2.patch, PIG-5302_3.patch, ivy-report.css, org.apache.pig-pig-compile.html
>
>
> Pig depends on Apache Commons HttpClient 3.1, which is an old version with security problems ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262]).
> Also, Pig depends on Apache HttpComponents (it also needs an update to a newer version for a similar reason), which is the successor of HttpClient; thus we should remove the HttpClient dependency and update HttpComponents to 4.4+.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)