You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Ruchika Mahajan <ru...@gmail.com> on 2014/08/05 09:30:31 UTC
Regarding CVE-2012-5783 in commons-httpclient-3.1.jar
Hi,
We are using "*commons-httpclient-3.1.jar*" in our project and observed
"CVE-2012-5783" vulnerability in it.
Do we have any update or patch for commons-httpclient-3.x jar for removing
this vulnerability.
BR,
Ruchika
Re: Regarding CVE-2012-5783 in commons-httpclient-3.1.jar
Posted by sebb <se...@gmail.com>.
On 6 August 2014 06:46, Ruchika Mahajan <ru...@gmail.com> wrote:
> Thanks Oleg.
> S, does that mean the only solution for removing this vulnerability is to
> upgrade HC 3.1 to 4.x.
That is one solution.
The source for HC 3.1 is available, so you can apply your own fixes if you wish.
However there are many other fixes, so that should probably only be
considered as a short-term measure.
> Thanks in Advance.
>
> BR,
> Ruchika
>
>
> On Tue, Aug 5, 2014 at 1:52 PM, Oleg Kalnichevski <ol...@apache.org> wrote:
>
>> On Tue, 2014-08-05 at 13:00 +0530, Ruchika Mahajan wrote:
>> > Hi,
>> >
>> > We are using "*commons-httpclient-3.1.jar*" in our project and observed
>> > "CVE-2012-5783" vulnerability in it.
>> > Do we have any update or patch for commons-httpclient-3.x jar for
>> removing
>> > this vulnerability.
>> >
>> > BR,
>> > Ruchika
>>
>> HC 3.1 is at end of life since Jan 2011. It is no longer supported or
>> updated.
>>
>> Oleg
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Regarding CVE-2012-5783 in commons-httpclient-3.1.jar
Posted by Ruchika Mahajan <ru...@gmail.com>.
Thanks Oleg.
S, does that mean the only solution for removing this vulnerability is to
upgrade HC 3.1 to 4.x.
Thanks in Advance.
BR,
Ruchika
On Tue, Aug 5, 2014 at 1:52 PM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Tue, 2014-08-05 at 13:00 +0530, Ruchika Mahajan wrote:
> > Hi,
> >
> > We are using "*commons-httpclient-3.1.jar*" in our project and observed
> > "CVE-2012-5783" vulnerability in it.
> > Do we have any update or patch for commons-httpclient-3.x jar for
> removing
> > this vulnerability.
> >
> > BR,
> > Ruchika
>
> HC 3.1 is at end of life since Jan 2011. It is no longer supported or
> updated.
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
Re: Regarding CVE-2012-5783 in commons-httpclient-3.1.jar
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2014-08-05 at 13:00 +0530, Ruchika Mahajan wrote:
> Hi,
>
> We are using "*commons-httpclient-3.1.jar*" in our project and observed
> "CVE-2012-5783" vulnerability in it.
> Do we have any update or patch for commons-httpclient-3.x jar for removing
> this vulnerability.
>
> BR,
> Ruchika
HC 3.1 is at end of life since Jan 2011. It is no longer supported or
updated.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org