[
https://issues.apache.org/jira/browse/PIG-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16220540#comment-16220540
]
Nandor Kollar commented on PIG-5302:
------------------------------------
Uploaded patch version #3 which applies to latest trunk, and with a tiny fix
(old commons-lang remained in build.xml).
> Remove HttpClient dependency
> ----------------------------
>
> Key: PIG-5302
> URL: https://issues.apache.org/jira/browse/PIG-5302
> Project: Pig
> Issue Type: Bug
> Reporter: Nandor Kollar
> Assignee: Nandor Kollar
> Attachments: PIG-5302_1.patch, PIG-5302_2.patch, PIG-5302_3.patch,
> ivy-report.css, org.apache.pig-pig-compile.html
>
>
> Pig depends on Apache Commons HttpClient 3.1 which is an old version with
> security problems
> ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262])
> Also, Pig depends on Apache HttpComponents (it also needs update to newer
> version due to similar reason), which is the successor of HttpClient, thus we
> should remove HttpClient dependency, and update HttpComponents to 4.4+
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
