Merge pull request #6752 from ant-media/resolve-CVE-202-13956

Resolve CVE 202 13956
ant-media · Nov 3, 2024 · 8578bef · 8578bef
2 parents e5a9da0 + 0da89e1
commit 8578bef
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -532,6 +532,15 @@
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpmime</artifactId>
             <version>${httpmime.version}</version>
+        </dependency>
+          <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+                <!-- We explicityly overwrite below to resolve the CVE-2020-13956 vulnerability (We don't need to add this dependency explicitly, it's already added by other dependencies) ) 
+             We need to upgrade the httpclient to 5 later when all other dependent libs are up to date
+             mekya   -->
+
+            <version>4.5.13</version>
         </dependency>
         <dependency>
 		    <groupId>org.apache.kafka</groupId>