[ https://issues.apache.org/jira/browse/RAT-275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17464107#comment-17464107 ]
ASF subversion and git services commented on RAT-275: ----------------------------------------------------- Commit 6d14e1cbf761f4caf3b311d72396e8ed94c413ad in creadur-rat's branch refs/heads/master from Philipp Ottlinger [ https://gitbox.apache.org/repos/asf?p=creadur-rat.git;h=6d14e1c ] RAT-275: fallback to defaults when processing site resources > Update httpclient to fix CVE-2020-13956 once a new doxia-core release is > available > ---------------------------------------------------------------------------------- > > Key: RAT-275 > URL: https://issues.apache.org/jira/browse/RAT-275 > Project: Apache Rat > Issue Type: Bug > Affects Versions: 0.13, 0.14 > Reporter: Philipp Ottlinger > Assignee: Philipp Ottlinger > Priority: Major > Fix For: 0.14 > > > Once a newer doxia version is available update to it in order to fix: > [https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906] > h2. Remediation > Upgrade {{org.apache.httpcomponents:httpclient}} to version 4.5.13, 5.0.3 or > higher. > Currently the most up2date doxia uses v4.5.8 of httpclient. > h2. Update > * The branch "update-doxia-tools" tries to update some other outdated > components in RAT as well .... > * 2021-06-21: Upcoming release of doxia stuff v1.10 .... -- This message was sent by Atlassian Jira (v8.20.1#820001)