You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pig.apache.org by "Nandor Kollar (JIRA)" <ji...@apache.org> on 2017/09/14 07:55:00 UTC

[jira] [Created] (PIG-5303) Remove HttpClient dependency

Nandor Kollar created PIG-5303:
----------------------------------

             Summary: Remove HttpClient dependency
                 Key: PIG-5303
                 URL: https://issues.apache.org/jira/browse/PIG-5303
             Project: Pig
          Issue Type: Bug
            Reporter: Nandor Kollar
            Assignee: Nandor Kollar


Pig depends on Apache Commons HttpClient 3.1 which is an old version with security problems ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262])

Also, Pig depends on Apache HttpComponents (it also needs update to newer version due to similar reason), which is the successor of HttpClient, thus we should remove HttpClient dependency, and update HttpComponents to 4.4+



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)