diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5c51d3bd856a5..2dadeaee5ae63 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump `com.google.code.gson:gson` from 2.12.1 to 2.13.0 ([#17923](https://github.com/opensearch-project/OpenSearch/pull/17923))
 - Bump `com.github.spotbugs:spotbugs-annotations` from 4.9.0 to 4.9.3 ([#17922](https://github.com/opensearch-project/OpenSearch/pull/17922))
 - Bump `com.microsoft.azure:msal4j` from 1.18.0 to 1.20.0 ([#17925](https://github.com/opensearch-project/OpenSearch/pull/17925))
+- Update Apache HttpClient5 and HttpCore5 (CVE-2025-27820) ([#18152](https://github.com/opensearch-project/OpenSearch/pull/18152))
 - Bump `org.apache.commons:commons-collections4` from 4.4 to 4.5.0 ([#18101](https://github.com/opensearch-project/OpenSearch/pull/18101))
 ### Deprecated
diff --git a/client/rest/licenses/httpclient5-5.4.1.jar.sha1 b/client/rest/licenses/httpclient5-5.4.1.jar.sha1
deleted file mode 100644
index 40156e9a42620..0000000000000
--- a/client/rest/licenses/httpclient5-5.4.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-ce913081e592ee8eeee35c4e577d7dce13cba7a4
\ No newline at end of file
diff --git a/client/rest/licenses/httpclient5-5.4.4.jar.sha1 b/client/rest/licenses/httpclient5-5.4.4.jar.sha1
new file mode 100644
index 0000000000000..670a2b79b099c
--- /dev/null
+++ b/client/rest/licenses/httpclient5-5.4.4.jar.sha1
@@ -0,0 +1 @@
+29aafa2d5ced55ed75dab37cce5e125fb06e54d8
\ No newline at end of file
diff --git a/client/rest/licenses/httpcore5-5.3.2.jar.sha1 b/client/rest/licenses/httpcore5-5.3.2.jar.sha1
deleted file mode 100644
index 44c13325b5647..0000000000000
--- a/client/rest/licenses/httpcore5-5.3.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-35d387301d4a719972b15fbe863020da5f913c22
\ No newline at end of file
diff --git a/client/rest/licenses/httpcore5-5.3.4.jar.sha1 b/client/rest/licenses/httpcore5-5.3.4.jar.sha1
new file mode 100644
index 0000000000000..a302371e08e89
--- /dev/null
+++ b/client/rest/licenses/httpcore5-5.3.4.jar.sha1
@@ -0,0 +1 @@
+ea47f0fe6e00ffb07cec3a0cb1bb801b1a9cc353
\ No newline at end of file
diff --git a/client/rest/licenses/httpcore5-h2-5.3.2.jar.sha1 b/client/rest/licenses/httpcore5-h2-5.3.2.jar.sha1
deleted file mode 100644
index 67c92d8fea09c..0000000000000
--- a/client/rest/licenses/httpcore5-h2-5.3.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d908a946e9161511accdc739e443b1e0b0cbba82
\ No newline at end of file
diff --git a/client/rest/licenses/httpcore5-h2-5.3.4.jar.sha1 b/client/rest/licenses/httpcore5-h2-5.3.4.jar.sha1
new file mode 100644
index 0000000000000..e3de774d620a7
--- /dev/null
+++ b/client/rest/licenses/httpcore5-h2-5.3.4.jar.sha1
@@ -0,0 +1 @@
+3742a9a9ba3a5a0d45be230093b52a1302a561e2
\ No newline at end of file
diff --git a/client/rest/licenses/httpcore5-reactive-5.3.2.jar.sha1 b/client/rest/licenses/httpcore5-reactive-5.3.2.jar.sha1
deleted file mode 100644
index 345d71cb206ae..0000000000000
--- a/client/rest/licenses/httpcore5-reactive-5.3.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-9ee35ef1d3e40855695fc87ad2e31192d85c1e88
\ No newline at end of file
diff --git a/client/rest/licenses/httpcore5-reactive-5.3.4.jar.sha1 b/client/rest/licenses/httpcore5-reactive-5.3.4.jar.sha1
new file mode 100644
index 0000000000000..b8e927242905c
--- /dev/null
+++ b/client/rest/licenses/httpcore5-reactive-5.3.4.jar.sha1
@@ -0,0 +1 @@
+584f61333473c03458ccb38b7fa9a06b847b4046
\ No newline at end of file
diff --git a/client/rest/src/test/java/org/opensearch/client/RestClientSingleHostIntegTests.java b/client/rest/src/test/java/org/opensearch/client/RestClientSingleHostIntegTests.java
index 84f6e7c8beb2e..22cda437b215d 100644
--- a/client/rest/src/test/java/org/opensearch/client/RestClientSingleHostIntegTests.java
+++ b/client/rest/src/test/java/org/opensearch/client/RestClientSingleHostIntegTests.java
@@ -382,9 +382,6 @@ public void testHeaders() throws Exception {
 if (method.equals("HEAD") == false) {
 standardHeaders.add("Content-length");
 }
- if (method.equals("HEAD") == true || method.equals("GET") == true || method.equals("OPTIONS") == true) {
- standardHeaders.add("Upgrade");
- }
 final Header[] requestHeaders = RestClientTestUtil.randomHeaders(getRandom(), "Header");
 final int statusCode = randomStatusCode(getRandom());
diff --git a/client/sniffer/licenses/httpclient5-5.4.1.jar.sha1 b/client/sniffer/licenses/httpclient5-5.4.1.jar.sha1
deleted file mode 100644
index 40156e9a42620..0000000000000
--- a/client/sniffer/licenses/httpclient5-5.4.1.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-ce913081e592ee8eeee35c4e577d7dce13cba7a4
\ No newline at end of file
diff --git a/client/sniffer/licenses/httpclient5-5.4.4.jar.sha1 b/client/sniffer/licenses/httpclient5-5.4.4.jar.sha1
new file mode 100644
index 0000000000000..670a2b79b099c
--- /dev/null
+++ b/client/sniffer/licenses/httpclient5-5.4.4.jar.sha1
@@ -0,0 +1 @@
+29aafa2d5ced55ed75dab37cce5e125fb06e54d8
\ No newline at end of file
diff --git a/client/sniffer/licenses/httpcore5-5.3.2.jar.sha1 b/client/sniffer/licenses/httpcore5-5.3.2.jar.sha1
deleted file mode 100644
index 44c13325b5647..0000000000000
--- a/client/sniffer/licenses/httpcore5-5.3.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-35d387301d4a719972b15fbe863020da5f913c22
\ No newline at end of file
diff --git a/client/sniffer/licenses/httpcore5-5.3.4.jar.sha1 b/client/sniffer/licenses/httpcore5-5.3.4.jar.sha1
new file mode 100644
index 0000000000000..a302371e08e89
--- /dev/null
+++ b/client/sniffer/licenses/httpcore5-5.3.4.jar.sha1
@@ -0,0 +1 @@
+ea47f0fe6e00ffb07cec3a0cb1bb801b1a9cc353
\ No newline at end of file
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 5ba8dd4a79311..3268a05115033 100644
--- a/gradle/libs.versions.toml
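Review bot: In `RestClientSingleHostIntegTests.testHeaders`, the `Upgrade` entry is dropped from `standardHeaders` for HEAD/GET/OPTIONS with no comment linking it to the HttpClient5 5.4.1 to 5.4.4 bump, so the reason for the changed expectation is only implied. Presumably the updated client no longer adds an `Upgrade` header to those requests by default; if so, a line such as `// HttpClient5 5.4.4 no longer sends "Upgrade" by default, so it is not expected here` after the remaining `Content-length` block would record that. If the test is meant to guard this behaviour, an explicit assertion that no `Upgrade` header comes back would be stronger than relying on its absence from the list. The body of `testHeaders` continues outside the hunk, so how `standardHeaders` is consumed is not visible here.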
+++ b/gradle/libs.versions.toml
@@ -42,8 +42,8 @@ reactor_netty = "1.2.4"
 reactor = "3.5.20"
 # client dependencies
-httpclient5 = "5.4.1"
-httpcore5 = "5.3.2"
+httpclient5 = "5.4.4"
+httpcore5 = "5.3.4"
 httpclient = "4.5.14"
 httpcore = "4.4.16"
 httpasyncclient = "4.1.5"