[
https://issues.apache.org/jira/browse/THRIFT-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Roger Meier resolved THRIFT-3065.
---------------------------------
Resolution: Fixed
lib dependencies updated:
{noformat}
diff --git a/lib/java/build.properties b/lib/java/build.properties
index b3a4755..96cf8d3 100644
--- a/lib/java/build.properties
+++ b/lib/java/build.properties
@@ -24,8 +24,8 @@ maven-repository-id=apache.releases.https
mvn.ant.task.version=2.1.3
# Dependency versions
-httpclient.version=4.2.5
-httpcore.version=4.2.4
-slf4j.version=1.5.8
+httpclient.version=4.4.1
+httpcore.version=4.4.1
+slf4j.version=1.7.12
servlet.version=2.5
{noformat}
> Update libthrift dependencies (slf4j, httpcore, httpclient)
> -----------------------------------------------------------
>
> Key: THRIFT-3065
> URL: https://issues.apache.org/jira/browse/THRIFT-3065
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Affects Versions: 0.9.2
> Reporter: David Dillard
> Assignee: Roger Meier
>
> libthrift 0.9.2 has dependencies on httpclient 4.2.5, httpcore 4.2.4 and
> slf4j 1.5.8. All of these should be updated. The most critical is
> httpclient 4.2.5 as it has a known vulnerability (CVE-2014-3577) which
> permits MiTM attacks. HttpCore might as well be updated to the latest
> version too and slf4j 1.5.8 is nearly six years old now.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
