From 6afba08b39a10c2a85bb1b38e14ada224cd40705 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Mon, 16 Dec 2024 00:41:59 +0530 Subject: [PATCH] Release 2.12.4 with CVE Fix: 2024-53990 --- bom/pom.xml | 2 +- client/pom.xml | 2 +- .../DefaultAsyncHttpClient.java | 2 +- .../asynchttpclient/RequestBuilderBase.java | 27 +++++-- .../intercept/Redirect30xInterceptor.java | 5 +- example/pom.xml | 2 +- extras/guava/pom.xml | 2 +- extras/jdeferred/pom.xml | 2 +- extras/pom.xml | 2 +- extras/registry/pom.xml | 2 +- extras/retrofit2/pom.xml | 2 +- extras/rxjava/pom.xml | 2 +- extras/rxjava2/pom.xml | 2 +- extras/simple/pom.xml | 2 +- extras/typesafeconfig/pom.xml | 2 +- netty-utils/pom.xml | 2 +- pom.xml | 77 +++++++++---------- 17 files changed, 77 insertions(+), 60 deletions(-) diff --git a/bom/pom.xml b/bom/pom.xml index 867f23157e..a7c98bc484 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -5,7 +5,7 @@ org.asynchttpclient async-http-client-project - 2.12.3 + 2.12.4 async-http-client-bom diff --git a/client/pom.xml b/client/pom.xml index 59b67c17d1..cc856aaaf1 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -2,7 +2,7 @@ org.asynchttpclient async-http-client-project - 2.12.3 + 2.12.4 4.0.0 async-http-client diff --git a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java index 7cc3e6e341..45094ed7e6 100644 --- a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java +++ b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClient.java @@ -214,7 +214,7 @@ public ListenableFuture executeRequest(Request request, AsyncHandler h if (!cookies.isEmpty()) { RequestBuilder requestBuilder = request.toBuilder(); for (Cookie cookie : cookies) { - requestBuilder.addOrReplaceCookie(cookie); + requestBuilder.addCookieIfUnset(cookie); } request = requestBuilder.build(); } diff --git a/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java b/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java index 35c8145776..a7fae7f430 100644 --- a/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java +++ b/client/src/main/java/org/asynchttpclient/RequestBuilderBase.java @@ -308,15 +308,31 @@ public T addCookie(Cookie cookie) { /** * Add/replace a cookie based on its name + * * @param cookie the new cookie * @return this */ public T addOrReplaceCookie(Cookie cookie) { + return maybeAddOrReplaceCookie(cookie, true); + } + + /** + * Add a cookie based on its name, if it does not exist yet. Cookies that + * are already set will be ignored. + * + * @param cookie the new cookie + * @return this + */ + public T addCookieIfUnset(Cookie cookie) { + return maybeAddOrReplaceCookie(cookie, false); + } + + private T maybeAddOrReplaceCookie(Cookie cookie, boolean allowReplace) { String cookieKey = cookie.name(); boolean replace = false; int index = 0; lazyInitCookies(); - for (Cookie c : this.cookies) { + for (Cookie c : cookies) { if (c.name().equals(cookieKey)) { replace = true; break; @@ -324,10 +340,11 @@ public T addOrReplaceCookie(Cookie cookie) { index++; } - if (replace) - this.cookies.set(index, cookie); - else - this.cookies.add(cookie); + if (!replace) { + cookies.add(cookie); + } else if (allowReplace) { + cookies.set(index, cookie); + } return asDerivedType(); } diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java index a2ddbd9467..e0d89bd7a1 100644 --- a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java @@ -135,8 +135,9 @@ else if (isNonEmpty(request.getBodyParts())) { // Update request's cookies assuming that cookie store is already updated by Interceptors List cookies = cookieStore.get(newUri); if (!cookies.isEmpty()) - for (Cookie cookie : cookies) - requestBuilder.addOrReplaceCookie(cookie); + for (Cookie cookie : cookieStore.get(newUri)) { + requestBuilder.addCookieIfUnset(cookie); + } } boolean sameBase = request.getUri().isSameBase(newUri); diff --git a/example/pom.xml b/example/pom.xml index 5643feaab9..5157f050cd 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -2,7 +2,7 @@ org.asynchttpclient async-http-client-project - 2.12.3 + 2.12.4 4.0.0 async-http-client-example diff --git a/extras/guava/pom.xml b/extras/guava/pom.xml index 39fd913a5f..4b176b29a5 100644 --- a/extras/guava/pom.xml +++ b/extras/guava/pom.xml @@ -2,7 +2,7 @@ org.asynchttpclient async-http-client-extras-parent - 2.12.3 + 2.12.4 4.0.0 async-http-client-extras-guava diff --git a/extras/jdeferred/pom.xml b/extras/jdeferred/pom.xml index d3c7d6a9e4..c3fdf0e25b 100644 --- a/extras/jdeferred/pom.xml +++ b/extras/jdeferred/pom.xml @@ -18,7 +18,7 @@ async-http-client-extras-parent org.asynchttpclient - 2.12.3 + 2.12.4 async-http-client-extras-jdeferred Asynchronous Http Client JDeferred Extras diff --git a/extras/pom.xml b/extras/pom.xml index 5fccc3bce6..94ce18c116 100644 --- a/extras/pom.xml +++ b/extras/pom.xml @@ -2,7 +2,7 @@ org.asynchttpclient async-http-client-project - 2.12.3 + 2.12.4 4.0.0 async-http-client-extras-parent diff --git a/extras/registry/pom.xml b/extras/registry/pom.xml index 492ef41f65..58f10157eb 100644 --- a/extras/registry/pom.xml +++ b/extras/registry/pom.xml @@ -2,7 +2,7 @@ org.asynchttpclient async-http-client-extras-parent - 2.12.3 + 2.12.4 4.0.0 async-http-client-extras-registry diff --git a/extras/retrofit2/pom.xml b/extras/retrofit2/pom.xml index f95bd3a092..66c1ba1433 100644 --- a/extras/retrofit2/pom.xml +++ b/extras/retrofit2/pom.xml @@ -4,7 +4,7 @@ async-http-client-extras-parent org.asynchttpclient - 2.12.3 + 2.12.4 async-http-client-extras-retrofit2 diff --git a/extras/rxjava/pom.xml b/extras/rxjava/pom.xml index 06680338a4..780e794132 100644 --- a/extras/rxjava/pom.xml +++ b/extras/rxjava/pom.xml @@ -3,7 +3,7 @@ async-http-client-extras-parent org.asynchttpclient - 2.12.3 + 2.12.4 async-http-client-extras-rxjava Asynchronous Http Client RxJava Extras diff --git a/extras/rxjava2/pom.xml b/extras/rxjava2/pom.xml index e1c7af8f3d..ccbcfabd30 100644 --- a/extras/rxjava2/pom.xml +++ b/extras/rxjava2/pom.xml @@ -3,7 +3,7 @@ async-http-client-extras-parent org.asynchttpclient - 2.12.3 + 2.12.4 async-http-client-extras-rxjava2 Asynchronous Http Client RxJava2 Extras diff --git a/extras/simple/pom.xml b/extras/simple/pom.xml index 92ee8730e3..24c2df5dd4 100644 --- a/extras/simple/pom.xml +++ b/extras/simple/pom.xml @@ -3,7 +3,7 @@ async-http-client-extras-parent org.asynchttpclient - 2.12.3 + 2.12.4 async-http-client-extras-simple Asynchronous Http Simple Client diff --git a/extras/typesafeconfig/pom.xml b/extras/typesafeconfig/pom.xml index 437b657438..0d4070b12c 100644 --- a/extras/typesafeconfig/pom.xml +++ b/extras/typesafeconfig/pom.xml @@ -4,7 +4,7 @@ async-http-client-extras-parent org.asynchttpclient - 2.12.3 + 2.12.4 async-http-client-extras-typesafe-config diff --git a/netty-utils/pom.xml b/netty-utils/pom.xml index d2be381f14..87ac1ccd6a 100644 --- a/netty-utils/pom.xml +++ b/netty-utils/pom.xml @@ -2,7 +2,7 @@ org.asynchttpclient async-http-client-project - 2.12.3 + 2.12.4 4.0.0 async-http-client-netty-utils diff --git a/pom.xml b/pom.xml index 0ab1e952ec..be09cd5957 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.asynchttpclient async-http-client-project - 2.12.3 + 2.12.4 pom Asynchronous Http Client Project @@ -24,9 +24,9 @@ - slandelle - Stephane Landelle - slandelle@gatling.io + hyperxpro + Aayush Atharva + aayush@shieldblaze.com @@ -34,7 +34,7 @@ scm:git:git@github.com:AsyncHttpClient/async-http-client.git scm:git:git@github.com:AsyncHttpClient/async-http-client.git https://github.com/AsyncHttpClient/async-http-client/tree/master - async-http-client-project-2.12.3 + async-http-client-project-2.12.4 @@ -220,42 +220,41 @@ + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.7.0 + true + + ossrh + https://oss.sonatype.org/ + false + false + + + + org.apache.maven.plugins + maven-gpg-plugin + 3.2.7 + + + sign-artifacts + verify + + sign + + + + + --pinentry-mode + loopback + + + + + - - - release-sign-artifacts - - - performRelease - true - - - - - - maven-gpg-plugin - 1.6 - - - sign-artifacts - verify - - sign - - - - - - - - - test-output - - false - - - bom pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy