Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-30881

upgrade outbound HTTP client dependencies

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.14.21
    • Fix Version/s: 2.15.0
    • Component/s: Transport
    • Labels:
    • Story Points:
      2
    • Release Note:
      Yes
    • Notability:
      n/a
    • InvestmentLayer:
      support-escalated
    • Aha Concept:
      non-concept

      Description

      Repository 2 uses httpclient and httpcore libraries for outbound http requests.

      Versions used in 2.14.21:

      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpclient</artifactId>
      <version>4.3.6</version>
      
      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpmime</artifactId>
      <version>4.3.6</version>
      
      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpcore</artifactId>
      <version>4.3.3</version>
      

      New versions:

      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpclient</artifactId>
      <version>4.5.13</version>
      
      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpmime</artifactId>
      <version>4.5.13</version>
      
      <groupId>org.apache.httpcomponents</groupId>
      <artifactId>httpcore</artifactId>
      <version>4.4.14</version>
      

      Expected

      Upgrade httpclient and httpcore to latest compatible/safe minor versions.

      Direction

      Sonatype testing does not report an issue with this dependency upgrade in the next planned release. Customers who upgrade Nexus Repository 2 and experience outbound transport issues should review httpclient changelog for potential changes related to their suspected issue:

      https://downloads.apache.org/httpcomponents/httpclient/RELEASE_NOTES-4.5.x.txt
      https://downloads.apache.org/httpcomponents/httpcore/RELEASE_NOTES-4.4.x.txt

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Rich Seddon Rich Seddon
            Team:
            NXRM - Optimus
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title