Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5818

Upgrade httpclient version to latest, at a minimum > 4.3.4

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: jboss-fuse-6.3
    • Fix Version/s: jboss-fuse-6.3
    • Component/s: Hawtio
    • Labels:
      None

      Description

      CVE against a-mq, https://issues.jboss.org/browse/ENTMQ-1596

      additional dependency via hawtio war:
      https://github.com/jboss-fuse/hawtio/blob/1.4.0.redhat-6-3-x/hawtio-system/pom.xml#L71

      should probably be 4.5.1

      find on 6.3 a-mq distro gives:

      ./data/cache/bundle188/version0.0/bundle.jar-embedded/WEB-INF/lib/httpclient-4.3.4.jar
      ./extras/apache-activemq-5.11.0.redhat-630073/lib/optional/httpclient-4.5.1.jar
      ./extras/apache-activemq-5.11.0.redhat-630073/webapps/hawtio/WEB-INF/lib/httpclient-4.3.4.jar

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                kearls Kevin Earls
                Reporter:
                garytully Gary Tully
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: