[SERVER-3014] New apache HTTP client is breaking tests - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Done
Affects Version/s: None
Fix Version/s: SERVER 6.16.0, SERVER 7.2.0
Component/s: None
Labels:
- doc_reviewed

Team:
Froyo
Sprint:
Froyo - 05/19/2021
Method Found:
Automated Test

Release Notes:
Security Fix
Release Notes Summary:

Hide
A security update to the apache HTTP client introduced an unrelated change to URL normalization, so that URLs with two consecutive forward slashes between the host and the path will no longer be sent as-is to the server: the second will be URL-encoded as if it was part of the path segment and not a separator. This affects any use of Puppet's HTTP client within Puppet Server.

Show
A security update to the apache HTTP client introduced an unrelated change to URL normalization, so that URLs with two consecutive forward slashes between the host and the path will no longer be sent as-is to the server: the second will be URL-encoded as if it was part of the path segment and not a separator. This affects any use of Puppet's HTTP client within Puppet Server.

QA Risk Assessment:
Needs Assessment

Description

We recently updated the apache HTTP client in clj-parent from 4.5.3 to 4.5.13. Doing so has broken a number of tests in puppetserver.

Some of these seem to be due to a change in the way double slashes are handled in URLs, and was caused by the updates in 4.5.8. Still investigating other failures.

We will need to do further testing to make sure none of these changes affect our actual product.

Attachments

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Maggie Dreyer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2021/05/12 9:52 AM

Updated:: 2021/05/18 11:34 AM

Resolved:: 2021/05/14 9:00 AM