ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaikiran Pai <jai.forums2...@gmail.com>
Subject Re: Ivy - No more support for commons-httpclient 2.x in runtime classpath?
Date Mon, 24 Jul 2017 06:19:29 GMT
That's a a big enough reason to move to HttpComponents Client 4.x 
version! I'll have that done in this release of Ivy then.

-Jaikiran


On 24/07/17 11:43 AM, Stefan Bodewig wrote:
> On 2017-07-24, Jaikiran Pai wrote:
>
>> Ivy currently uses commons-httpclient for dealing with HTTP
>> repositories. This is an internal implementation detail of Ivy. The
>> way it's implemented, it allows the user to use a version of their
>> choice, of this library, by placing them in the runtime classpath
>> (similar to some other libraries we use). The implementation
>> internally checks for the presence of 2.x as well as 3.x version of
>> library to decide which version to use at _runtime_ .
> Let me point out that even 3.x has long reached end of life. It's
> successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any
> 3.x release that has fixed it AFAIK.
>
> Stefan
>
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
> For additional commands, e-mail: dev-help@ant.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message