[ https://issues.apache.org/jira/browse/PIG-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandor Kollar updated PIG-5302: ------------------------------- Attachment: PIG-5302_2.patch > Remove HttpClient dependency > ---------------------------- > > Key: PIG-5302 > URL: https://issues.apache.org/jira/browse/PIG-5302 > Project: Pig > Issue Type: Bug > Reporter: Nandor Kollar > Assignee: Nandor Kollar > Attachments: PIG-5302_1.patch, PIG-5302_2.patch > > > Pig depends on Apache Commons HttpClient 3.1 which is an old version with > security problems > ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262]) > Also, Pig depends on Apache HttpComponents (it also needs update to newer > version due to similar reason), which is the successor of HttpClient, thus we > should remove HttpClient dependency, and update HttpComponents to 4.4+ -- This message was sent by Atlassian JIRA (v6.4.14#64029)