[jira] [Resolved] (SENTRY-1446) Upgrade httpmime (Sentry) to 4.3.6 or greater.

Colm O hEigeartaigh (JIRA) Mon, 13 Nov 2017 09:23:26 -0800

     [ 
https://issues.apache.org/jira/browse/SENTRY-1446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh resolved SENTRY-1446.
-----------------------------------------
    Resolution: Fixed


Sentry 2.0.0 ships httpmime-4.5.3.jar (due to the Solr upgrade)

> Upgrade httpmime (Sentry) to 4.3.6 or greater.
> ----------------------------------------------
>
>                 Key: SENTRY-1446
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1446
>             Project: Sentry
>          Issue Type: New Feature
>          Components: Sentry
>    Affects Versions: 1.8.0
>            Reporter: Anne Yu
>             Fix For: 2.0.0
>
>
> http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents 
> HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting 
> during an SSL handshake, which allows remote attackers to cause a denial of 
> service (HTTPS call hang) via unspecified vectors.
> Upgrade to 4.3.6 or greater.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (SENTRY-1446) Upgrade httpmime (Sentry) to 4.3.6 or greater.

Reply via email to