[ https://issues.apache.org/jira/browse/SLIDER-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15296682#comment-15296682 ]

Steve Loughran commented on SLIDER-1129:
----------------------------------------

Slider doesn't use the httpclient library at all in its production code. It's 
used in the tests, that's all.
I'm bumping up the versions in the POM to the later ones, and marking the 
dependencies as scope=test only. This guarantees they won't get into production 
code, and so not redistributed.

> update apache httpclient version to 4.5.2; httpcore to 4.4.4
> ------------------------------------------------------------
>
>                 Key: SLIDER-1129
>                 URL: https://issues.apache.org/jira/browse/SLIDER-1129
>             Project: Slider
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: Slider 0.90.2
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> We need to update the Http Client libraries, to address a couple of CVEs.
> apache httpclient => 4.5.2
> httpcore => 4.4.4
> We've done this for Hadoop in HADOOP-12767; this will be the same.
> # increment the versions
> # identify where minor version incompatibilities surface. (static code review)
> # test



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
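
One way to check the outcome described in the comment above, as an added example that is not part of the original message or of the Slider build: a script that reads `mvn dependency:list` output and reports any httpclient/httpcore entry that is below the versions named in the issue or resolved outside test scope. The sample listing is constructed, and treating every non-test scope as a finding is an assumption taken from the comment's stated intent.

```python
import re

GROUP = "org.apache.httpcomponents"
# Minimum versions named in SLIDER-1129.
MINIMUM = {"httpclient": (4, 5, 2), "httpcore": (4, 4, 4)}

# Constructed sample of `mvn dependency:list` output, not taken from the Slider build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.httpcomponents:httpclient:jar:4.5.2:test
[INFO]    org.apache.httpcomponents:httpcore:jar:4.2.5:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.5:compile
"""


def parse_version(text):
    """Turn '4.5.2' into (4, 5, 2); a qualifier such as '-beta1' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text.split("-")[0])[:3])


def audit(listing):
    """Return (artifact, version, scope, problem) for each HttpComponents finding."""
    findings = []
    for line in listing.splitlines():
        # Coordinates are groupId:artifactId:type[:classifier]:version:scope
        coords = line.replace("[INFO]", "").strip().split(":")
        if len(coords) < 5 or coords[0] != GROUP or coords[1] not in MINIMUM:
            continue
        artifact, version = coords[1], coords[-2]
        # Some Maven versions append text after the scope; keep the first word.
        scope = (coords[-1].split() or [""])[0]
        if parse_version(version) < MINIMUM[artifact]:
            findings.append((artifact, version, scope, "below minimum version"))
        if scope != "test":
            findings.append((artifact, version, scope, "outside test scope"))
    return findings


if __name__ == "__main__":
    for artifact, version, scope, problem in audit(SAMPLE):
        print(f"{artifact} {version} ({scope}): {problem}")
```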