Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in org.glassfish.jersey.connectors:jersey-apache-connector:jar:2.27 #4211

Closed
sumitkdey opened this issue Jul 30, 2019 · 1 comment
Closed

Vulnerability in org.glassfish.jersey.connectors:jersey-apache-connector:jar:2.27 #4211

sumitkdey opened this issue Jul 30, 2019 · 1 comment

Comments

@sumitkdey
Copy link

The apache connector org.glassfish.jersey.connectors:jersey-apache-connector:jar:2.27 has a dependency on org.apache.httpcomponents:httpclient:jar:4.5 which is known to be vulnerable as per https://issues.apache.org/jira/browse/HTTPCLIENT-1803

Is there a newer version of the apache connector available that has this vulnerability resolved? If not, can you please create a new release?
@jansupol
Copy link
Contributor

Thanks for pointing to this. However, you can update the httpclient in your pom (exclude the dependency on 4.5 and add a dependency to 4.5.3), should you really need it. We will update it in a next release, too.

@jansupol jansupol mentioned this issue Jul 31, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sumitkdey @jansupol