From 23c70432a73c8121adc469861823bded4d897e3a Mon Sep 17 00:00:00 2001
From: Ajay Raj Nelapudi
Date: Thu, 19 Jun 2025 12:31:46 +0530
Subject: [PATCH 1/2] Fix for CVE-2025-27820

---
 build.gradle | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/build.gradle b/build.gradle
index 662f9982..7676353f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -90,6 +90,23 @@ ext {
 rcaProjectDir = System.getProperty("performance-analyzer-rca.path", "../performance-analyzer-rca")
 }
 
+// Fix for CVE-2025-27820
+configurations.all {
+ resolutionStrategy {
+ force("org.apache.httpcomponents.client5:httpclient5:5.4.4")
+ force("org.apache.httpcomponents:httpcore:5.3.4")
+ force("org.apache.httpcomponents.core5:httpcore5-h2:5.3.4")
+
+ // Alternatively, you can use this approach
+ eachDependency { DependencyResolveDetails details ->
+ if (details.requested.group == 'org.apache.httpcomponents.client5' &&
+ details.requested.name == 'httpclient5') {
+ details.useVersion "${versions.httpclient5}"
+ }
+ }
+ }
+}
+
 allprojects {
 group = "org.opensearch"
 version = opensearch_build

From dfc76c9c2c593774ce67b01801bfeff10f973bc8 Mon Sep 17 00:00:00 2001
From: Ajay Raj Nelapudi
Date: Thu, 19 Jun 2025 12:58:18 +0530
Subject: [PATCH 2/2] add force(org.apache.httpcomponents.core5:httpcore5:5.3.4)

---
 build.gradle | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/build.gradle b/build.gradle
index 7676353f..cb784cd0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -96,6 +96,8 @@ configurations.all {
 force("org.apache.httpcomponents.client5:httpclient5:5.4.4")
 force("org.apache.httpcomponents:httpcore:5.3.4")
 force("org.apache.httpcomponents.core5:httpcore5-h2:5.3.4")
+ force("org.apache.httpcomponents.core5:httpcore5:5.3.4")
+
 
 // Alternatively, you can use this approach
 eachDependency { DependencyResolveDetails details ->
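Review bot: `force("org.apache.httpcomponents:httpcore:5.3.4")` pairs the 4.x group/artifact with a 5.x version, while the other pins show the 5.x core artifacts living under `org.apache.httpcomponents.core5`. The line therefore either matches nothing or, if httpcore 4.x is on a classpath, requests a version that as far as I know was never published under that coordinate. Patch 2/2 adds the `core5:httpcore5` pin but leaves this line in place, so it should be removed there. Separately, the `eachDependency` rule under the "Alternatively" comment is live code rather than an alternative: it sets httpclient5 to `${versions.httpclient5}` while the `force` above asks for 5.4.4, and the hunk does not show where `versions` is defined or what it holds, so the rule may override the fixed version. Keep one mechanism and confirm the outcome with `./gradlew dependencyInsight --dependency httpclient5 --configuration runtimeClasspath`.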
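Review bot: The `force(...)` pins in this block carry no removal condition, and `force` overrides conflict resolution in both directions. Once an upstream dependency moves to a newer httpcore5 or httpclient5, the block will hold the build back at 5.3.4 / 5.4.4 without any warning. I would add a comment above the pins such as `// Temporary pin for CVE-2025-27820; remove once the platform-managed httpclient5 is >= 5.4.4` so the override is revisited rather than inherited. The enclosing `configurations.all` block starts and ends outside this hunk.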