ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shi Jinghai (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (OFBIZ-6755) Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1
Date Fri, 11 Mar 2016 08:20:20 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-6755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Shi Jinghai reassigned OFBIZ-6755:
----------------------------------

    Assignee: Shi Jinghai  (was: Jacques Le Roux)

> Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1
> --------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-6755
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6755
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/passport
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Shi Jinghai
>             Fix For: Upcoming Branch
>
>
> The passport component uses commons-httpclient-3.1. This librairies is not only deprecated
but also faces a number of vulnerabilties:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153
> The solution is to update to httpclient-4.5.1 + httpcore-4.4.3 instead
> Note that we need to keep commons-httpclient-3.1 because it's needed by Axis2-1.6.3 which
is the latest Axis2 release :/. I got this test error when removed from service/lib:
> {code}
> RPC service error (org/apache/commons/httpclient/HttpException)
> org.ofbiz.service.GenericServiceException: RPC service error (org/apache/commons/httpclient/HttpException)
> at org.ofbiz.service.engine.SOAPClientEngine.serviceInvoker(SOAPClientEngine.java:94)
> at org.ofbiz.service.engine.SOAPClientEngine.runSync(SOAPClientEngine.java:71)
> at org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:395)
> at org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:227)
> at org.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:88)
> at org.ofbiz.service.test.ServiceSOAPTests.testSOAPService(ServiceSOAPTests.java:54)
> at org.ofbiz.testtools.TestRunContainer.start(TestRunContainer.java:146)
> at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:237)
> at org.ofbiz.base.start.Start.startStartLoaders(Start.java:408)
> at org.ofbiz.base.start.Start.start(Start.java:434)
> at org.ofbiz.base.start.Start.main(Start.java:135)
> Caused by: org.apache.axis2.deployment.DeploymentException: org/apache/commons/httpclient/HttpException
> at org.apache.axis2.deployment.AxisConfigBuilder.processTransportSenders(AxisConfigBuilder.java:699)
> at org.apache.axis2.deployment.AxisConfigBuilder.populateConfig(AxisConfigBuilder.java:123)
> at org.apache.axis2.deployment.DeploymentEngine.populateAxisConfiguration(DeploymentEngine.java:857)
> at org.apache.axis2.deployment.FileSystemConfigurator.getAxisConfiguration(FileSystemConfigurator.java:116)
> at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:64)
> at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:210)
> at org.apache.axis2.client.ServiceClient.configureServiceClient(ServiceClient.java:151)
> at org.apache.axis2.client.ServiceClient.<init>(ServiceClient.java:144)
> at org.apache.axis2.client.ServiceClient.<init>(ServiceClient.java:251)
> at org.ofbiz.service.engine.SOAPClientEngine.serviceInvoker(SOAPClientEngine.java:88)
> Caused by: java.lang.NoClassDefFoundError: org/apache/commons/httpclient/HttpException
> at java.lang.Class.getDeclaredConstructors0(Native Method)
> at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671)
> at java.lang.Class.getConstructor0(Class.java:3075)
> at java.lang.Class.newInstance(Class.java:412)
> at org.apache.axis2.deployment.AxisConfigBuilder.processTransportSenders(AxisConfigBuilder.java:684)
> Caused by: java.lang.ClassNotFoundException: org.apache.commons.httpclient.HttpException
> at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message