From 8e8b9c868f1c3c054113edced29b4807ada47c3e Mon Sep 17 00:00:00 2001
From: jakubkochman <jakub.kochman@hyland.com>
Date: Thu, 29 May 2025 10:53:01 +0200
Subject: [PATCH] ACS-9635 bumped httpclient5 to 5.5 to fix
 CVE-2025-27820(#3369)

---
 pom.xml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index ec8600fa65..09fd54107d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,8 +74,9 @@
         <dependency.guava.version>33.3.1-jre</dependency.guava.version>
         <dependency.httpclient.version>4.5.14</dependency.httpclient.version>
         <dependency.httpcore.version>4.4.16</dependency.httpcore.version>
-        <dependency.httpcomponents-httpclient5.version>5.4.1</dependency.httpcomponents-httpclient5.version>
-        <dependency.httpcomponents-httpcore5.version>5.3.3</dependency.httpcomponents-httpcore5.version>
+        <dependency.httpcomponents-httpclient5.version>5.5</dependency.httpcomponents-httpclient5.version>
+        <dependency.httpcomponents-httpcore5.version>5.3.4</dependency.httpcomponents-httpcore5.version>
+        <dependency.httpcomponents-httpcore5-h2.version>5.3.4</dependency.httpcomponents-httpcore5-h2.version>
         <dependency.commons-httpclient.version>3.1-HTTPCLIENT-1265</dependency.commons-httpclient.version>
         <dependency.xercesImpl.version>2.12.2</dependency.xercesImpl.version>
         <dependency.slf4j.version>2.0.16</dependency.slf4j.version>
@@ -400,6 +401,11 @@
                 <artifactId>httpcore5</artifactId>
                 <version>${dependency.httpcomponents-httpcore5.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.httpcomponents.core5</groupId>
+                <artifactId>httpcore5-h2</artifactId>
+                <version>${dependency.httpcomponents-httpcore5-h2.version}</version>
+            </dependency>
             <dependency>
                 <groupId>commons-logging</groupId>
                 <artifactId>commons-logging</artifactId>