[
https://issues.apache.org/jira/browse/HTTPCLIENT-2150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17318705#comment-17318705
]
Jochen Schalanda commented on HTTPCLIENT-2150:
----------------------------------------------
Thanks for the update.
{quote}You will have to create the dependency in your POM or whatever build
system you use.
{quote}
This is the way we went in
[https://github.com/dropwizard/dropwizard/pull/3856]. (y)
> Update to Apache Commons Codec 1.15
> -----------------------------------
>
> Key: HTTPCLIENT-2150
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2150
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCache
> Affects Versions: 4.5.13
> Reporter: Jochen Schalanda
> Priority: Trivial
> Labels: security
>
> Apache HttpClient 4.5.13 currently depends on Apache Commons Codec 1.11 which
> is vulnerable to
> [WS-2019-0379|https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379].
> [https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/pom.xml#L71]
> The issue has been resolved in [Apache Commons Codec
> 1.13|https://commons.apache.org/proper/commons-codec/changes-report.html#a1.13]
> (CODEC-134).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
