spring-cloud-netflix icon indicating copy to clipboard operation
spring-cloud-netflix copied to clipboard
verified publisher icon spring-cloud

spring-cloud-starter-netflix-eureka-client:4.3.0 has vulnerability with dependency httpclient:4.5.3

Open ziad-saade opened this issue 8 months ago • 2 comments

Image

httpclient:4.5.3 has vulnerability:

Image

https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.3

to fix the issue upgrade to httpclient:4.5.14

@OlgaMaciaszek

ziad-saade avatar Jun 04 '25 05:06 ziad-saade

Hello, @ziad-saade. As you can see in the dependency tree, it is not our dependency. It's brought transitively by Netflix/Eureka. I have created a PR there: https://github.com/Netflix/eureka/pull/1598, but dependency issues for that project can be registered there directly and PRs can be submitted to get the change in.

OlgaMaciaszek avatar Jun 06 '25 13:06 OlgaMaciaszek

Good morning @OlgaMaciaszek

Thanks for the PR.

ziad-saade avatar Jun 07 '25 04:06 ziad-saade