Code Review / so / libs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: f0261ef)
NexusIQ security violation - httpclient 47/37247/1
authorRob Daugherty <rd472p@att.com>
Tue, 20 Mar 2018 20:38:15 +0000 (16:38 -0400)
committerRob Daugherty <rd472p@att.com>
Tue, 20 Mar 2018 20:39:00 +0000 (16:39 -0400)
Violation in:

org.apache-httpcomponents : httpclient : 4.4.1, 4.3.1, 4.3.3, 4.5, 4.5.2

Fix:

Upgrade httpclient to 4.5.5 and httpcore to 4.4.4

Change-Id: I438214d7ee866dd95ffb6bcbc47999b95f200bec
Issue-ID: SO-507
Signed-off-by: Rob Daugherty <rd472p@att.com>
openstack-client-connectors/http-connector/pom.xml patch | blob | history
openstack-client-connectors/resteasy-connector/pom.xml patch | blob | history
pom.xml patch | blob | history

diff --git a/openstack-client-connectors/http-connector/pom.xml b/openstack-client-connectors/http-connector/pom.xml
index d351f68..bd1d81f 100644 (file)
--- a/openstack-client-connectors/http-connector/pom.xml
+++ b/openstack-client-connectors/http-connector/pom.xml
@@ -14,14 +14,11 @@
        <dependency>
                <groupId>org.apache.httpcomponents</groupId>
                <artifactId>httpclient</artifactId>
-               <!-- <version>4.3.5</version>-->
-                       <version>4.5.5</version>
        </dependency>
        <!-- bwj: added httpcore -->
        <dependency>
                <groupId>org.apache.httpcomponents</groupId>
                <artifactId>httpcore</artifactId>
-               <version>4.4.4</version>
        </dependency>
        <dependency>
                <groupId>org.codehaus.jackson</groupId>
@@ -35,4 +32,4 @@
        </dependency>
   </dependencies>
 
-</project>
\ No newline at end of file
+</project>
diff --git a/openstack-client-connectors/resteasy-connector/pom.xml b/openstack-client-connectors/resteasy-connector/pom.xml
index 67a219d..958f927 100644 (file)
--- a/openstack-client-connectors/resteasy-connector/pom.xml
+++ b/openstack-client-connectors/resteasy-connector/pom.xml
@@ -31,13 +31,11 @@
        <dependency>
                <groupId>org.apache.httpcomponents</groupId>
                <artifactId>httpclient</artifactId>
-               <version>4.5.5</version>
        </dependency>
          <dependency>
                  <groupId>org.apache.httpcomponents</groupId>
                  <artifactId>httpcore</artifactId>
-                 <version>4.4.4</version>
          </dependency>
   </dependencies>
 
-</project>
\ No newline at end of file
+</project>
diff --git a/pom.xml b/pom.xml
index 71c486f..de300f9 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -80,6 +80,18 @@
        </pluginRepositories>
        <dependencyManagement>
                <dependencies>
+                       <dependency>
+                               <groupId>org.apache.httpcomponents</groupId>
+                               <artifactId>httpclient</artifactId>
+                               <version>4.5.5</version>
+                               <scope>compile</scope>
+                       </dependency>
+                       <dependency>
+                               <groupId>org.apache.httpcomponents</groupId>
+                               <artifactId>httpcore</artifactId>
+                               <version>4.4.4</version>
+                               <scope>compile</scope>
+                       </dependency>
                        <dependency>
                                <groupId>junit</groupId>
                                <artifactId>junit</artifactId>
SO OpenStack Java SDK