Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C5EF8200CDD for ; Mon, 24 Jul 2017 08:13:56 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C464E163ADE; Mon, 24 Jul 2017 06:13:56 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 3D000163ADA for ; Mon, 24 Jul 2017 08:13:56 +0200 (CEST) Received: (qmail 89371 invoked by uid 500); 24 Jul 2017 06:13:55 -0000 Mailing-List: contact dev-help@ant.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Ant Developers List" Reply-To: "Ant Developers List" Delivered-To: mailing list dev@ant.apache.org Received: (qmail 89360 invoked by uid 99); 24 Jul 2017 06:13:55 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Jul 2017 06:13:55 +0000 Received: from v45346.1blu.de (v45346.1blu.de [178.254.23.72]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 606721A00A8 for ; Mon, 24 Jul 2017 06:13:53 +0000 (UTC) Received: by v45346.1blu.de (Postfix, from userid 1000) id 957F840002E; Mon, 24 Jul 2017 08:13:51 +0200 (CEST) From: Stefan Bodewig To: dev@ant.apache.org Subject: Re: Ivy - No more support for commons-httpclient 2.x in runtime classpath? References: <5fa6472c-075e-5620-3f5f-ba58bddd4269@apache.org> Date: Mon, 24 Jul 2017 08:13:51 +0200 In-Reply-To: <5fa6472c-075e-5620-3f5f-ba58bddd4269@apache.org> (Jaikiran Pai's message of "Mon, 24 Jul 2017 10:54:36 +0530") Message-ID: <877eyy2wgw.fsf@v45346.1blu.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain archived-at: Mon, 24 Jul 2017 06:13:57 -0000 On 2017-07-24, Jaikiran Pai wrote: > Ivy currently uses commons-httpclient for dealing with HTTP > repositories. This is an internal implementation detail of Ivy. The > way it's implemented, it allows the user to use a version of their > choice, of this library, by placing them in the runtime classpath > (similar to some other libraries we use). The implementation > internally checks for the presence of 2.x as well as 3.x version of > library to decide which version to use at _runtime_ . Let me point out that even 3.x has long reached end of life. It's successor fixed CVE-2012-5783[1] with 4.2.3 but there hasn't been any 3.x release that has fixed it AFAIK. Stefan [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org For additional commands, e-mail: dev-help@ant.apache.org