[
https://issues.apache.org/jira/browse/HADOOP-12710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15098879#comment-15098879
]
Haohui Mai commented on HADOOP-12710:
-------------------------------------
If there are known security issues and they are not going to be fixed in
commonhttpclient as it is EOL, we should probably just clean up the code and
cut the dependency.
> Remove dependency on commons-httpclient for TestHttpServerLogs
> --------------------------------------------------------------
>
> Key: HADOOP-12710
> URL: https://issues.apache.org/jira/browse/HADOOP-12710
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 3.0.0
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Attachments: HADOOP-12710.001.patch
>
>
> Commons-httpclient has long been EOL. Critically, it has several security
> vulnerabilities: CVE-2012-5783
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5783.
> I saw a recent commit that depends on commons-httpclient for
> TestHttpServerLogs (HADOOP-12625) This JIRA intends to replace the dependency
> with httpclient APIs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
