You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Emmanuel Bourg (JIRA)" <ji...@apache.org> on 2015/10/20 14:27:27 UTC

[jira] [Commented] (JCR-2406) Upgrade httpclient dependency to 4.0

    [ https://issues.apache.org/jira/browse/JCR-2406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14965031#comment-14965031 ] 

Emmanuel Bourg commented on JCR-2406:
-------------------------------------

commons-httpclient has security issues (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2012-5783) and is no longer maintained, the priority should probably be raised.



> Upgrade httpclient dependency to 4.0
> ------------------------------------
>
>                 Key: JCR-2406
>                 URL: https://issues.apache.org/jira/browse/JCR-2406
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-jcr-server, jackrabbit-spi2dav
>            Reporter: Sébastien Launay
>            Priority: Minor
>
> Httpclient is one of these libs that tends to be pulled by another third party lib and often with conflicted versions (in a traditional environment contrary to OSGi).
> Upgrading from 3.0 to 4.0 allows applications to use both Jackrabbit and the latest release of HttpClient.
> As discussed in JCR-2389, this is a sensitive task as it can introduce regression.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)