[ https://issues.apache.org/jira/browse/PIG-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Szita updated PIG-5302: ---------------------------- Resolution: Fixed Fix Version/s: 0.18.0 Status: Resolved (was: Patch Available) > Remove HttpClient dependency > ---------------------------- > > Key: PIG-5302 > URL: https://issues.apache.org/jira/browse/PIG-5302 > Project: Pig > Issue Type: Improvement > Reporter: Nandor Kollar > Assignee: Nandor Kollar > Fix For: 0.18.0 > > Attachments: PIG-5302_1.patch, PIG-5302_2.patch, PIG-5302_3.patch, > PIG-5302_4.patch, ivy-report.css, org.apache.pig-pig-compile.html > > > Pig depends on Apache Commons HttpClient 3.1 which is an old version with > security problems > ([CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2015-5262]) > Also, Pig depends on Apache HttpComponents (it also needs update to newer > version due to similar reason), which is the successor of HttpClient, thus we > should remove HttpClient dependency, and update HttpComponents to 4.4+ -- This message was sent by Atlassian JIRA (v6.4.14#64029)