Skip to main content

Replaced deprecated and insecure Apache HTTP client

pixee:java/replace-apache-defaulthttpclient

ImportanceReview GuidanceRequires Scanning Tool
MEDIUMMerge After Cursory ReviewNo

This change replaces all instances of the deprecated DefaultHttpClient from Apache's HTTP client library with a more secure, modern implementation from the same package.

This type does not support using TLS 1.2 and could be exposing the code to many different network security risks because of it.

Our changes look something like this:

- HttpClient client = new DefaultHttpClient();
+ HttpClient client = HttpClientBuilder.create().useSystemProperties().build();

References