-
Improvement
-
Resolution: Not A Defect
-
Major
-
None
Core still bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. This frequently confuses security scanners and is a maintenance liability. For this reason, we would like to remove this library from Jenkins core in jenkinsci/jenkins#7312.
A systematic search of the plugin corpus was conducted in October 2022; this search revealed that a number of plugins have usages of Commons HttpClient 3.x. For compatibility with a future version of Jenkins core in which this library is removed, these plugins should either migrate their usage of Commons HttpClient 3.x to the Apache HttpComponents Client 4.x API plugin or Java 11 native HTTP client; or otherwise they should declare an explicit dependency on the Commons HttpClient 3.x API plugin.
This plugin's identified usage of Commons HttpClient 3.x:
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/auth/AuthScope via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HeaderElement via org/apache/commons/vfs2/provider/http/HttpFileContentInfoFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/Header via org/apache/commons/vfs2/provider/http/HttpFileContentInfoFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/Header via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HostConfiguration via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/http/HttpFileProvider.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/http/HttpFileSystem.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/http/HttpRandomAccessContent.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/webdav/WebdavFileProvider.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpClient via org/apache/commons/vfs2/provider/webdav/WebdavFileSystem.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpConnectionManager via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpConnectionManager via org/apache/commons/vfs2/provider/http/HttpFileSystem.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpMethodBase via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpMethodRetryHandler via org/apache/commons/vfs2/provider/webdav/WebdavMethodRetryHandler.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpMethod via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpMethod via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpMethod via org/apache/commons/vfs2/provider/webdav/WebdavMethodRetryHandler.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpState via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/HttpStatus via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/ByteArrayRequestEntity via org/apache/commons/vfs2/provider/webdav/WebdavFileObject$WebdavOutputStream.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/GetMethod via org/apache/commons/vfs2/provider/http/HttpFileObject$HttpInputStream.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/GetMethod via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/GetMethod via org/apache/commons/vfs2/provider/http/HttpRandomAccessContent.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/HeadMethod via org/apache/commons/vfs2/provider/http/HttpFileContentInfoFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/HeadMethod via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/methods/RequestEntity via org/apache/commons/vfs2/provider/webdav/WebdavFileObject$WebdavOutputStream.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/MultiThreadedHttpConnectionManager via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/MultiThreadedHttpConnectionManager via org/apache/commons/vfs2/provider/http/HttpFileSystem.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/params/HttpClientParams via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/params/HttpConnectionManagerParams via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/params/HttpConnectionManagerParams via org/apache/commons/vfs2/provider/http/HttpFileSystemConfigBuilder.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/params/HttpConnectionParams via org/apache/commons/vfs2/provider/http/HttpFileSystemConfigBuilder.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/params/HttpMethodParams via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/URIException via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/URIException via org/apache/commons/vfs2/provider/URLFileName.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/URIException via org/apache/commons/vfs2/provider/url/UrlFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/URIException via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/UsernamePasswordCredentials via org/apache/commons/vfs2/provider/http/HttpClientFactory.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/util/DateUtil via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/util/DateUtil via org/apache/commons/vfs2/provider/webdav/WebdavFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/util/URIUtil via org/apache/commons/vfs2/provider/http/HttpFileObject.class
RESULT: Plugin checkmarx:2022.3.3 using org/apache/commons/httpclient/util/URIUtil via org/apache/commons/vfs2/provider/URLFileName.class