You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/02/25 12:20:18 UTC

[jira] [Commented] (OFBIZ-6755) Update the passport component to use httpclient-4.5.1 + httpcore-4.4.3 instead of commons-httpclient-3.1

    [ https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15167096#comment-15167096 ] 

Jacques Le Roux commented on OFBIZ-6755:
----------------------------------------

OK I put an empty one at r1725006

> Update the passport component to use httpclient-4.5.1 + httpcore-4.4.3 instead of commons-httpclient-3.1
> --------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-6755
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6755
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/passport
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>             Fix For: Upcoming Branch
>
>
> The passport component uses commons-httpclient-3.1. This librairies is not only deprecated but also faces a number of vulnerabilties:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153
> The solution is to update to httpclient-4.5.1 + httpcore-4.4.3 instead
> Note that we need to keep commons-httpclient-3.1 because it's needed by Axis2-1.6.3 which is the latest Axis2 release :/. I got this test error when removed from service/lib:
> {code}
> RPC service error (org/apache/commons/httpclient/HttpException)
> org.ofbiz.service.GenericServiceException: RPC service error (org/apache/commons/httpclient/HttpException)
> at org.ofbiz.service.engine.SOAPClientEngine.serviceInvoker(SOAPClientEngine.java:94)
> at org.ofbiz.service.engine.SOAPClientEngine.runSync(SOAPClientEngine.java:71)
> at org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:395)
> at org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:227)
> at org.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:88)
> at org.ofbiz.service.test.ServiceSOAPTests.testSOAPService(ServiceSOAPTests.java:54)
> at org.ofbiz.testtools.TestRunContainer.start(TestRunContainer.java:146)
> at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:237)
> at org.ofbiz.base.start.Start.startStartLoaders(Start.java:408)
> at org.ofbiz.base.start.Start.start(Start.java:434)
> at org.ofbiz.base.start.Start.main(Start.java:135)
> Caused by: org.apache.axis2.deployment.DeploymentException: org/apache/commons/httpclient/HttpException
> at org.apache.axis2.deployment.AxisConfigBuilder.processTransportSenders(AxisConfigBuilder.java:699)
> at org.apache.axis2.deployment.AxisConfigBuilder.populateConfig(AxisConfigBuilder.java:123)
> at org.apache.axis2.deployment.DeploymentEngine.populateAxisConfiguration(DeploymentEngine.java:857)
> at org.apache.axis2.deployment.FileSystemConfigurator.getAxisConfiguration(FileSystemConfigurator.java:116)
> at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:64)
> at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:210)
> at org.apache.axis2.client.ServiceClient.configureServiceClient(ServiceClient.java:151)
> at org.apache.axis2.client.ServiceClient.<init>(ServiceClient.java:144)
> at org.apache.axis2.client.ServiceClient.<init>(ServiceClient.java:251)
> at org.ofbiz.service.engine.SOAPClientEngine.serviceInvoker(SOAPClientEngine.java:88)
> Caused by: java.lang.NoClassDefFoundError: org/apache/commons/httpclient/HttpException
> at java.lang.Class.getDeclaredConstructors0(Native Method)
> at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671)
> at java.lang.Class.getConstructor0(Class.java:3075)
> at java.lang.Class.newInstance(Class.java:412)
> at org.apache.axis2.deployment.AxisConfigBuilder.processTransportSenders(AxisConfigBuilder.java:684)
> Caused by: java.lang.ClassNotFoundException: org.apache.commons.httpclient.HttpException
> at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)