[
https://issues.apache.org/jira/browse/FLUME-3114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091725#comment-16091725
]
Attila Simon commented on FLUME-3114:
-------------------------------------
Excerpt from dependency:tree
{noformat}
org.apache.flume:flume-ng-auth:jar:1.8.0-SNAPSHOT
+- org.apache.hadoop:hadoop-common:jar:2.4.0:compile
| +- commons-httpclient:commons-httpclient:jar:3.1:compile
{noformat}
> Upgrade commons-httpclient library dependency
> ---------------------------------------------
>
> Key: FLUME-3114
> URL: https://issues.apache.org/jira/browse/FLUME-3114
> Project: Flume
> Issue Type: Bug
> Affects Versions: 1.7.0
> Reporter: Attila Simon
> Priority: Critical
> Labels: dependency
> Fix For: 1.8.0
>
>
> ||Group||Artifact||Version used||Upgrade target||
> |commons-httpclient|commons-httpclient|3.1,3.0.1|4.5.2|
> Note: This artifact was moved to:
> * New Group org.apache.httpcomponents
> * New Artifact httpclient
> Security vulnerability: https://www.cvedetails.com/cve/CVE-2012-5783/
> Please do:
> - double check the newest version.
> - consider to remove a dependency if better alternative is available.
> - check whether the lib change would introduce a backward incompatibility (in
> which case please add this label `breaking_change` and fix version should be
> the next major)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
