narupley/not-going-to-be-commons-ssl

Don't depend on version 3.1 of commons-httpclient


bwf93 commented

commons-httpclient version 3.1 has several known vulnerabilities. The artifact is renamed for 4.x and should be used instead.

Aye aye! I'll try to make some time in the near future to address this and some of the other issues!

I second the request. If it helps at all, the main issue you'll have with migrating will be with the HttpSecureProtocol class as the SecureProtocolSocketFactory class has been completely removed. I don't see anything resembling an alternative to it.