That is already fixed under Ubuntu Pro: https://ubuntu.com/security/notices/USN-5245-1 https://ubuntu.com/security/notices/USN-5239-1
** Changed in: maven (Ubuntu) Status: Confirmed => Fix Released ** Changed in: httpcomponents-client (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs