Axis2 use of Apache Commons HTTP Client 3.1

[David Dillard <dd...@symantec.com>]

I see that the Apache Commons HTTP Client is distributed with Axis2 1.6.2  Commons HTTP Client has been EOL for several years now (see http://hc.apache.org/httpclient-3.x/) as it migrated to the Apache HttpCore and HttpClient projects.  In addition, there is one known vulnerability in HTTP Client 3.1 (see http://cvedetails.com/cve-details.php?t=1&cve_id=CVE-2012-5783) that was never fixed because the project was EOL.

Given these issues, has any consideration been given to moving to the supported HttpClient project?


Thanks,

David


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org

Re: Axis2 use of Apache Commons HTTP Client 3.1

[Kishanthan Thangarajah <ks...@gmail.com>]

Axis2 trunk is already upgraded to use HttpClient4
(for CommonsHTTPTransportSender) [1], along with still maintaining the
support for HttpClient3.

Thanks,
Kishanthan
[1] https://issues.apache.org/jira/browse/AXIS2-4318


On Mon, Aug 5, 2013 at 12:26 PM, David Dillard <dd...@symantec.com>wrote:

> I see that the Apache Commons HTTP Client is distributed with Axis2 1.6.2
>  Commons HTTP Client has been EOL for several years now (see
> http://hc.apache.org/httpclient-3.x/) as it migrated to the Apache
> HttpCore and HttpClient projects.  In addition, there is one known
> vulnerability in HTTP Client 3.1 (see
> http://cvedetails.com/cve-details.php?t=1&cve_id=CVE-2012-5783) that was
> never fixed because the project was EOL.
>
> Given these issues, has any consideration been given to moving to the
> supported HttpClient project?
>
>
> Thanks,
>
> David
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-dev-help@axis.apache.org
>
>