From 70520110b8ce1e51f724b68a7059e56bf68041cd Mon Sep 17 00:00:00 2001 From: Pedro Silva Date: Wed, 4 May 2022 16:09:47 +0100 Subject: [PATCH 1/2] Fixes httpclient vulnerability by replacing it with a newer alternative --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index c0471b4c10..9586ac71f6 100644 --- a/build.gradle +++ b/build.gradle @@ -55,7 +55,7 @@ project.ext.externalDependency = [ 'commonsCli': 'commons-cli:commons-cli:1.0', 'commonsCodec': 'commons-codec:commons-codec:1.3', 'commonsCompress': 'org.apache.commons:commons-compress:1.2', - 'commonsHttpClient': 'commons-httpclient:commons-httpclient:3.1', + 'commonsHttpClient': 'org.apache.httpcomponents.client5:httpclient5:5.1.3',//'org.apache.httpcomponents:httpclient:4.5.13', //'commons-httpclient:commons-httpclient:3.3.2', 'commonsIo': 'commons-io:commons-io:2.4', 'commonsLang': 'commons-lang:commons-lang:2.6', 'commonsText': 'org.apache.commons:commons-text:1.8', From 44dd8e42591e4016b3c1ccbb1016e1eb165abea3 Mon Sep 17 00:00:00 2001 From: Pedro Silva Date: Wed, 4 May 2022 19:28:27 +0100 Subject: [PATCH 2/2] Updates changelog & removes comment from build.gradle --- CHANGELOG.md | 1 + build.gradle | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8042469bfd..617e891abd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ When updating the changelog, remember to be very clear about what behavior has c and what APIs have changed, if applicable. ## [Unreleased] +- Change commons-httpclient dependency with httpcomponents.client5:httpclient5 to fix security vulnerability ## [29.33.6] - 2022-05-03 - Provide a mechanism to set a routing hint for the d2 request to get request symbol table. diff --git a/build.gradle b/build.gradle index 9586ac71f6..fdf8b1ed1d 100644 --- a/build.gradle +++ b/build.gradle @@ -55,7 +55,7 @@ project.ext.externalDependency = [ 'commonsCli': 'commons-cli:commons-cli:1.0', 'commonsCodec': 'commons-codec:commons-codec:1.3', 'commonsCompress': 'org.apache.commons:commons-compress:1.2', - 'commonsHttpClient': 'org.apache.httpcomponents.client5:httpclient5:5.1.3',//'org.apache.httpcomponents:httpclient:4.5.13', //'commons-httpclient:commons-httpclient:3.3.2', + 'commonsHttpClient': 'org.apache.httpcomponents.client5:httpclient5:5.1.3', 'commonsIo': 'commons-io:commons-io:2.4', 'commonsLang': 'commons-lang:commons-lang:2.6', 'commonsText': 'org.apache.commons:commons-text:1.8',