Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5818

Upgrade httpclient version to latest, at a minimum > 4.3.4

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • jboss-fuse-6.3
    • jboss-fuse-6.3
    • Hawtio
    • None
    • % %

      CVE against a-mq, https://issues.jboss.org/browse/ENTMQ-1596

      additional dependency via hawtio war:
      https://github.com/jboss-fuse/hawtio/blob/1.4.0.redhat-6-3-x/hawtio-system/pom.xml#L71

      should probably be 4.5.1

      find on 6.3 a-mq distro gives:

      ./data/cache/bundle188/version0.0/bundle.jar-embedded/WEB-INF/lib/httpclient-4.3.4.jar
      ./extras/apache-activemq-5.11.0.redhat-630073/lib/optional/httpclient-4.5.1.jar
      ./extras/apache-activemq-5.11.0.redhat-630073/webapps/hawtio/WEB-INF/lib/httpclient-4.3.4.jar

            kearls@redhat.com Kevin Earls (Inactive)
            gtully@redhat.com Gary Tully
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: