> Le 24 juil. 2017 à 08:19, Jaikiran Pai <jai.forums2...@gmail.com> a écrit : > > That's a a big enough reason to move to HttpComponents Client 4.x version! > I'll have that done in this release of Ivy then.
+1 Nicolas > > -Jaikiran > > > On 24/07/17 11:43 AM, Stefan Bodewig wrote: >> On 2017-07-24, Jaikiran Pai wrote: >> >>> Ivy currently uses commons-httpclient for dealing with HTTP >>> repositories. This is an internal implementation detail of Ivy. The >>> way it's implemented, it allows the user to use a version of their >>> choice, of this library, by placing them in the runtime classpath >>> (similar to some other libraries we use). The implementation >>> internally checks for the presence of 2.x as well as 3.x version of >>> library to decide which version to use at _runtime_ . >> Let me point out that even 3.x has long reached end of life. It's >> successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any >> 3.x release that has fixed it AFAIK. >> >> Stefan >> >> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org >> For additional commands, e-mail: dev-h...@ant.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > For additional commands, e-mail: dev-h...@ant.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
