Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

elasticsearch-rest-client is using an old non-maintained version of httpasyncclient-4.1.4.jar #1308

Open
oridool opened this issue Sep 28, 2021 · 6 comments
Open

elasticsearch-rest-client is using an old non-maintained version of httpasyncclient-4.1.4.jar #1308

oridool opened this issue Sep 28, 2021 · 6 comments
Labels
Clients Clients within the Core repository such as High level Rest client and low level client enhancement Enhancement or improvement to existing feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@oridool
Copy link

oridool commented Sep 28, 2021

When I use latest rest client, it brings with it a dependency of an old async http client (httpasyncclient-4.1.4.jar).
This client is no longer maintained. See its github page: https://github.com/apache/httpasyncclient

Not only this is a security risk, I also believe that using this old client causes multiple issues, and also related to :
spring-projects/spring-data-elasticsearch#1387
spring-projects/spring-data-elasticsearch#1948

The expected solution:
elasticsearch-rest-client should use the latest modern http client 5.x, which has the same functionality.
https://github.com/apache/httpcomponents-client
@oridool oridool added the enhancement Enhancement or improvement to existing feature or request label Sep 28, 2021
@dblock dblock added good first issue Good for newcomers help wanted Extra attention is needed labels Sep 29, 2021
@kanumalivad
Copy link

Kindly assign to me, This will be my first open source contribution

@booleanhunter
Copy link

@oridool Is this issue still being worked on? If not, may I take this up?

@kanumalivad kanumalivad removed their assignment Jan 6, 2022
@kanumalivad
Copy link

@booleanhunter You can take this.

@anasalkouz anasalkouz added the Clients Clients within the Core repository such as High level Rest client and low level client label Jan 12, 2023
@brokemyspoke
Copy link

Hi @dblock, I'm looking for an issue to start contributing here.

I was checking this one out since im building out the project but it appears to have been addressed: (Move to core 5.x) #4459. Aside from some unused references in version.properties and an old .classpath file, I believe this could be closed.

I'll keep looking for an issue. ;)

@dblock
Copy link
Member

dblock commented Jun 26, 2023

Aside from some unused references in version.properties and an old .classpath file, I believe this could be closed.

Are you saying we still have those? Let's remove them before closing? Please do!

@reta
Copy link
Collaborator

reta commented Jun 27, 2023
edited
Loading

@dblock we use 4.x clients in 2.x branches whereas httpasyncclient latest release is 4.1.5:

httpclient        = 4.5.13
httpcore          = 4.4.15
httpasyncclient   = 4.1.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Clients Clients within the Core repository such as High level Rest client and low level client enhancement Enhancement or improvement to existing feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@reta @dblock @booleanhunter @anasalkouz @kanumalivad @oridool @brokemyspoke