[ https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15234203#comment-15234203 ]

Jacques Le Roux edited comment on OFBIZ-6755 at 4/10/16 5:22 PM:
-----------------------------------------------------------------

At revision: 1738443, I had to revert the changes in SolrUtil.java which 
slipped in with r1738407. It was unrelated to the passport fix and should not 
have been committed with it and then backported.


was (Author: jacques.le.roux):
I had to revert the changes in SolrUtil.java which slipped in with r1738407. It 
was unrelated to the passport fix and should not have been committed with it 
and then backported.

> Update the passport component to use httpclient/core-4.4.1 instead of 
> commons-httpclient-3.1
> --------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-6755
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6755
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/passport
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Shi Jinghai
>             Fix For: Upcoming Branch, 15.12.01
>
>
> The passport component uses commons-httpclient-3.1. This library is not 
> only deprecated but also faces a number of vulnerabilities:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153
> The solution is to update to httpclient/core-4.4.1 that we have already in 
> base/lib



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
