[ https://issues.apache.org/jira/browse/HADOOP-12710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15380332#comment-15380332 ]
Matt Foley commented on HADOOP-12710: ------------------------------------- This jira is marked fixed in 2.9.0, which is true. However, it is worth noting that the affected file, hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServerLogs.java, is new in 2.9.0. That is, it was not introduced to branch-2 until after branch-2.8 was forked off, so the issue does not exist in 2.8.0 or earlier. > Remove dependency on commons-httpclient for TestHttpServerLogs > -------------------------------------------------------------- > > Key: HADOOP-12710 > URL: https://issues.apache.org/jira/browse/HADOOP-12710 > Project: Hadoop Common > Issue Type: Sub-task > Affects Versions: 3.0.0-alpha1 > Reporter: Wei-Chiu Chuang > Assignee: Wei-Chiu Chuang > Fix For: 2.9.0 > > Attachments: HADOOP-12710.001.patch > > > Commons-httpclient has long been EOL. Critically, it has several security > vulnerabilities: CVE-2012-5783 > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5783. > I saw a recent commit that depends on commons-httpclient for > TestHttpServerLogs (HADOOP-12625) This JIRA intends to replace the dependency > with httpclient APIs. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org