[JITL-663] Update org.apache.httpcomponents:httpclient from 4.5.2 to 4.5.13 due to 3rd party vulnerability issue CVE-2020-13956 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.9
Fix Version/s: 1.13.10
Labels:
None

CVE-ID:
CVE-2020-13956

Description

Current Situation

Currently JobScheduler components use org.apache.httpcomponents:httpclient version 4.5.2
a vulnerability affects this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956

Desired Behavior

Due to a vulnerability Issue of older httpcomponents:httpclient releases the JobScheduler components should use the current version 4.5.13 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02 November 2021 12:22

Updated:: 18 December 2021 01:35

Resolved:: 02 November 2021 12:27