drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Date Fri, 04 Jun 2021 08:35:15 GMT

luocooong opened a new pull request #2250:
URL: https://github.com/apache/drill/pull/2250


   # [DRILL-7946](https://issues.apache.org/jira/browse/DRILL-7946): Bump HttpClient from
4.5.12 to 4.5.13 for CVE-2020-13956
   
   ## Description
   
   CVE-2020-13956
   
   Vulnerable versions: < 4.5.13
   Patched version: 4.5.13
   
   Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed
authority component in request URIs passed to the library as java.net.URI object and pick
the wrong target host for request execution.
   
   ## Documentation
   N/A
   
   ## Testing
   Waiting for the unit tests passed.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message