ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Lalevée <nicolas.lale...@hibnet.org>
Subject Re: Ivy - No more support for commons-httpclient 2.x in runtime classpath?
Date Mon, 24 Jul 2017 19:07:43 GMT

> Le 24 juil. 2017 à 08:19, Jaikiran Pai <jai.forums2013@gmail.com> a écrit :
> 
> That's a a big enough reason to move to HttpComponents Client 4.x version! I'll have
that done in this release of Ivy then.

+1

Nicolas

> 
> -Jaikiran
> 
> 
> On 24/07/17 11:43 AM, Stefan Bodewig wrote:
>> On 2017-07-24, Jaikiran Pai wrote:
>> 
>>> Ivy currently uses commons-httpclient for dealing with HTTP
>>> repositories. This is an internal implementation detail of Ivy. The
>>> way it's implemented, it allows the user to use a version of their
>>> choice, of this library, by placing them in the runtime classpath
>>> (similar to some other libraries we use). The implementation
>>> internally checks for the presence of 2.x as well as 3.x version of
>>> library to decide which version to use at _runtime_ .
>> Let me point out that even 3.x has long reached end of life. It's
>> successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any
>> 3.x release that has fixed it AFAIK.
>> 
>> Stefan
>> 
>> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
>> For additional commands, e-mail: dev-help@ant.apache.org
>> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
> For additional commands, e-mail: dev-help@ant.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message