Upgrading to httpclient 4.3
36 views
Skip to first unread message
John Lightsey
May 4, 2014, 12:33:36 PM5/4/14
to zaproxy...@googlegroups.com
While looking into issue 1180 (a small bug in the proxy's handling of
"??" in URLs) I noticed that ZAP has two versions of the Apache
httpclient library in the codebase. Most code is using EOL version 3.1.
There's also a copy of httpclient 4.1.2, but this doesn't appear to be
used.
Is there any interest in upgrading to a current 4.3.3 version of
httpclient throughout the codebase? I'd be happy to dig into this.
"??" in URLs) I noticed that ZAP has two versions of the Apache
httpclient library in the codebase. Most code is using EOL version 3.1.
There's also a copy of httpclient 4.1.2, but this doesn't appear to be
used.
Is there any interest in upgrading to a current 4.3.3 version of
httpclient throughout the codebase? I'd be happy to dig into this.
Colm O'Flaherty
May 6, 2014, 4:30:32 AM5/6/14
to zaproxy...@googlegroups.com
I'd definitely support this. Anything that reduces the deployment size, standardises the code, and keeps Zap on recent versions of libraries can only be a good thing as long as functionality isn't negatively impacted.
Colm
kingthorin+owaspzap
May 6, 2014, 6:15:48 AM5/6/14
to zaproxy...@googlegroups.com, colm.p.o...@gmail.com
Agreed. +1
thc...@gmail.com
May 6, 2014, 7:01:38 AM5/6/14
to zaproxy...@googlegroups.com
Hi.
> but this doesn't appear to be used.
I guess that depends on loading order of the libraries. Is it really
required? Most likely not but that's because another library was updated
in the meantime and it bundles (yet another) version of HttpComponents
client (4.0.2).
> Is there any interest in upgrading to a current 4.3.3 version of httpclient throughout the codebase?
Of course, but note that there's a high coupling between ZAP codebase,
Commons HttpClient 3.1 and, more important, the add-ons.
Upgrading all the codebase (e.g. replace
org.apache.commons.httpclient.URI(?)) will lead to binary incompatible
changes, not a problem per se, but it requires carefully planning when
to phaseout (or stop loading) older (binary incompatible) add-ons and
introduce the new ones.
> I'd be happy to dig into this.
A good starting point (and major improvement) would be to adapt/update
the class HttpSender, while keeping it binary compatible ;)
Best regards.
> but this doesn't appear to be used.
required? Most likely not but that's because another library was updated
in the meantime and it bundles (yet another) version of HttpComponents
client (4.0.2).
> Is there any interest in upgrading to a current 4.3.3 version of httpclient throughout the codebase?
Commons HttpClient 3.1 and, more important, the add-ons.
Upgrading all the codebase (e.g. replace
org.apache.commons.httpclient.URI(?)) will lead to binary incompatible
changes, not a problem per se, but it requires carefully planning when
to phaseout (or stop loading) older (binary incompatible) add-ons and
introduce the new ones.
> I'd be happy to dig into this.
the class HttpSender, while keeping it binary compatible ;)
Best regards.
thc...@gmail.com
Sep 9, 2014, 6:36:20 PM9/9/14
to zaproxy...@googlegroups.com
Hi.
Are there any news on the overall update? What about the update of the
HttpSender class?
We would like to have the HttpSender class adapted/updated for the next
weekly release (2014-09-15), if possible. The plan is to include those
changes in the next main release (2.4.0) so the sooner we have that in
the weekly releases the better.
I volunteer to do it, if no one is working on that or does not have
plans to do it in following days.
Thanks!
Best regards.
Are there any news on the overall update? What about the update of the
HttpSender class?
We would like to have the HttpSender class adapted/updated for the next
weekly release (2014-09-15), if possible. The plan is to include those
changes in the next main release (2.4.0) so the sooner we have that in
the weekly releases the better.
I volunteer to do it, if no one is working on that or does not have
plans to do it in following days.
Thanks!
Best regards.
thc...@gmail.com
Sep 15, 2014, 9:30:55 AM9/15/14
to zaproxy...@googlegroups.com
Hi.
Since there are no news I'll proceed with the changes.
Unfortunately, this will not be included in today's weekly release.
Best regards.
Since there are no news I'll proceed with the changes.
Unfortunately, this will not be included in today's weekly release.
Best regards.
Reply all
Reply to author
Forward
0 new messages