ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Re: Ivy - No more support for commons-httpclient 2.x in runtime classpath?
Date Mon, 24 Jul 2017 06:13:51 GMT
On 2017-07-24, Jaikiran Pai wrote:

> Ivy currently uses commons-httpclient for dealing with HTTP
> repositories. This is an internal implementation detail of Ivy. The
> way it's implemented, it allows the user to use a version of their
> choice, of this library, by placing them in the runtime classpath
> (similar to some other libraries we use). The implementation
> internally checks for the presence of 2.x as well as 3.x version of
> library to decide which version to use at _runtime_ .

Let me point out that even 3.x has long reached end of life. It's
successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any
3.x release that has fixed it AFAIK.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message