drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cong Luo (Jira)" <j...@apache.org>
Subject [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Date Fri, 04 Jun 2021 07:28:00 GMT
Cong Luo created DRILL-7946:
-------------------------------

             Summary: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
                 Key: DRILL-7946
                 URL: https://issues.apache.org/jira/browse/DRILL-7946
             Project: Apache Drill
          Issue Type: Improvement
            Reporter: Cong Luo
            Assignee: Cong Luo
             Fix For: 1.19.0


Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority
component in request URIs passed to the library as java.net.URI object and pick the wrong
target host for request execution.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message