Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69989

Prepare SAML Single Sign On (SSO) for removal of Commons HttpClient 3.x

XMLWordPrintable

    • Jenkins SAML SSO Release 2.0.1

      Core still bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. This frequently confuses security scanners and is a maintenance liability. For this reason, we would like to remove this library from Jenkins core in jenkinsci/jenkins#7312.

      A systematic search of the plugin corpus was conducted in October 2022; this search revealed that a number of plugins have usages of Commons HttpClient 3.x. For compatibility with a future version of Jenkins core in which this library is removed, these plugins should either migrate their usage of Commons HttpClient 3.x to the Apache HttpComponents Client 4.x API plugin or Java 11 native HTTP client; or otherwise they should declare an explicit dependency on the Commons HttpClient 3.x API plugin.

      This plugin's identified usage of Commons HttpClient 3.x is as follows:

      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/auth/AuthScope via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/auth/AuthScope via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/DefaultHttpMethodRetryHandler via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/Header via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/Header via org/opensaml/util/resource/HttpResource.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HostConfiguration via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HostConfiguration via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpClient via org/opensaml/saml2/metadata/provider/FileBackedHTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpClient via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpClient via org/opensaml/util/resource/HttpResource.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpClient via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpClient via org/opensaml/ws/soap/client/http/HttpSOAPClient.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpConnectionManager via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpMethod via org/opensaml/util/resource/HttpResource$ConnectionClosingInputStream.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpState via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/HttpState via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/methods/ByteArrayRequestEntity via org/opensaml/ws/soap/client/http/HttpSOAPClient.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/methods/GetMethod via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/methods/GetMethod via org/opensaml/util/resource/FileBackedHttpResource.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/methods/GetMethod via org/opensaml/util/resource/HttpResource.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/methods/HeadMethod via org/opensaml/util/resource/HttpResource.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/methods/PostMethod via org/opensaml/ws/soap/client/http/HttpSOAPClient.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/MultiThreadedHttpConnectionManager via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/params/HttpClientParams via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/params/HttpClientParams via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/params/HttpConnectionManagerParams via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/params/HttpConnectionManagerParams via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/params/HttpConnectionParams via org/apache/commons/ssl/HttpSecureProtocol.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/params/HttpConnectionParams via org/opensaml/ws/soap/client/http/TLSProtocolSocketFactory.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/ProtocolSocketFactory via org/opensaml/DefaultBootstrap.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/ProtocolSocketFactory via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin misaml-sp:1.0.14 using org/apache/commons/httpclient/protocol/Protocol via org/opensaml/DefaultBootstrap.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/Protocol via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/Protocol via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/SecureProtocolSocketFactory via org/apache/commons/ssl/HttpSecureProtocol.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/SecureProtocolSocketFactory via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/protocol/SecureProtocolSocketFactory via org/opensaml/ws/soap/client/http/TLSProtocolSocketFactory.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/UsernamePasswordCredentials via org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/UsernamePasswordCredentials via org/opensaml/ws/soap/client/http/HttpClientBuilder.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/util/DateParseException via org/opensaml/util/resource/HttpResource.class
      Plugin miniorange-saml-sp:1.0.14 using org/apache/commons/httpclient/util/DateUtil via org/opensaml/util/resource/HttpResource.class

            miniorange info miniorange
            basil Basil Crow
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: