{"affected":[{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP5","name":"httpcomponents-client","purl":"pkg:rpm/suse/httpcomponents-client&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP5","name":"httpcomponents-core","purl":"pkg:rpm/suse/httpcomponents-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP6","name":"httpcomponents-client","purl":"pkg:rpm/suse/httpcomponents-client&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP6","name":"httpcomponents-core","purl":"pkg:rpm/suse/httpcomponents-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.3","name":"httpcomponents-client","purl":"pkg:rpm/suse/httpcomponents-client&distro=SUSE%20Manager%20Server%20Module%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.3","name":"httpcomponents-core","purl":"pkg:rpm/suse/httpcomponents-core&distro=SUSE%20Manager%20Server%20Module%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-client-cache":"4.5.14-150200.3.9.1","httpcomponents-client-javadoc":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1","httpcomponents-core-javadoc":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"httpcomponents-client","purl":"pkg:rpm/opensuse/httpcomponents-client&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-client-cache":"4.5.14-150200.3.9.1","httpcomponents-client-javadoc":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1","httpcomponents-core-javadoc":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"httpcomponents-core","purl":"pkg:rpm/opensuse/httpcomponents-core&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-client-cache":"4.5.14-150200.3.9.1","httpcomponents-client-javadoc":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1","httpcomponents-core-javadoc":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"httpcomponents-client","purl":"pkg:rpm/opensuse/httpcomponents-client&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.5.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"httpcomponents-client":"4.5.14-150200.3.9.1","httpcomponents-client-cache":"4.5.14-150200.3.9.1","httpcomponents-client-javadoc":"4.5.14-150200.3.9.1","httpcomponents-core":"4.4.14-150200.3.9.1","httpcomponents-core-javadoc":"4.4.14-150200.3.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"httpcomponents-core","purl":"pkg:rpm/opensuse/httpcomponents-core&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.14-150200.3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for httpcomponents-client, httpcomponents-core fixes the following issues:\n\nhttpcomponents-client:\n  - Update to version 4.5.14\n    * HTTPCLIENT-2206: Corrected resource de-allocation by fluent\n      response objects.\n    * HTTPCLIENT-2174: URIBuilder to return a new empty list instead\n      of unmodifiable Collections#emptyList.\n    * Don't retry requests in case of NoRouteToHostException.\n    * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset\n      of requests with form url-encoded body.\n    * PR #269: 4.5.x use array fill and more.\n      + Use Arrays.fill().\n      + Remove redundant modifiers.\n      + Use Collections.addAll() and Collection.addAll() APIs instead of loops.\n      + Remove redundant returns.\n      + No need to explicitly declare an array when calling a vararg method.\n      + Remote extra semicolons (;).\n      + Use a 'L' instead of 'l' to make long literals more readable.\n    * PublicSuffixListParser.parseByType(Reader) allocates but does\n      not use a 256 char StringBuilder.\n    * Incorrect handling of malformed authority component by\n      URIUtils#extractHost (bsc#1177488, CVE-2020-13956).\n    * Avoid updating Content-Length header in a 304 response.\n    * Bug fix: BasicExpiresHandler is annotated as immutable but is\n      not (#239)\n    * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.\n\nhttpcomponents-core:\n  - Upgraded to version 4.4.14\n    * PR #231: 4.4.x Use better map apis and more.\n      + Remove redundant modifiers.\n      + Use Collections.addAll() API instead of loops.\n      + Remove redundant returns.\n      + No need to explicitly declare an array when calling a vararg method.\n      + Remote extra semicolons (;).\n    * Bug fix: Non-blocking TLSv1.3 connections can end up in an\n      infinite event spin when closed concurrently by the local and\n      the remote endpoints.\n    * HTTPCORE-647: Non-blocking connection terminated due to\n      'java.io.IOException: Broken pipe' can enter an infinite loop\n      flushing buffered output data.\n    * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool\n      that can cause internal state corruption when persistent\n      connections are manually removed from the pool.\n","id":"SUSE-SU-2024:4036-1","modified":"2024-11-18T15:24:08Z","published":"2024-11-18T15:24:08Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244036-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177488"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13956"}],"related":["CVE-2020-13956"],"summary":"Security update for httpcomponents-client, httpcomponents-core","upstream":["CVE-2020-13956"]}