[ https://issues.apache.org/jira/browse/PIG-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16220540#comment-16220540 ]
Nandor Kollar commented on PIG-5302: ------------------------------------ Uploaded patch version #3 which applies to latest trunk, and with a tiny fix (old commons-lang remained in build.xml). > Remove HttpClient dependency > ---------------------------- > > Key: PIG-5302 > URL: https://issues.apache.org/jira/browse/PIG-5302 > Project: Pig > Issue Type: Bug > Reporter: Nandor Kollar > Assignee: Nandor Kollar > Attachments: PIG-5302_1.patch, PIG-5302_2.patch, PIG-5302_3.patch, > ivy-report.css, org.apache.pig-pig-compile.html > > > Pig depends on Apache Commons HttpClient 3.1 which is an old version with > security problems > ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262]) > Also, Pig depends on Apache HttpComponents (it also needs update to newer > version due to similar reason), which is the successor of HttpClient, thus we > should remove HttpClient dependency, and update HttpComponents to 4.4+ -- This message was sent by Atlassian JIRA (v6.4.14#64029)