That's a big enough reason to move to HttpComponents Client 4.x
version! I'll have that done in this release of Ivy then.
-Jaikiran
On 24/07/17 11:43 AM, Stefan Bodewig wrote:
On 2017-07-24, Jaikiran Pai wrote:
Ivy currently uses commons-httpclient for dealing with HTTP
repositories. This is an internal implementation detail of Ivy. The
way it's implemented, it allows the user to use a version of their
choice, of this library, by placing them in the runtime classpath
(similar to some other libraries we use). The implementation
internally checks for the presence of 2.x as well as 3.x version of
library to decide which version to use at _runtime_.
Let me point out that even 3.x has long reached end of life. Its
successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any
3.x release that has fixed it AFAIK.
Stefan
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org