Changelog for apache-commons-httpclient-manual-3.1-lp152.6.3.1.noarch.rpm :

* Tue Oct 27 2020 Pedro Monreal - Security fix [bsc#945190, CVE-2015-5262]
* http/conn/ssl/ ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.- Add apache-commons-httpclient-CVE-2015-5262.patch
* Tue Oct 27 2020 Pedro Monreal - Security fix [bsc#1178171, CVE-2014-3577]
* org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject\'s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate.- Add apache-commons-httpclient-CVE-2014-3577.patch
* Mon Apr 01 2019 Jan Engelhardt - Trim conjecture from description.
* Mon Jan 21 2019 Fridrich Strba - Add maven pom file and clean-up the spec file
* Tue May 15 2018 Build with source and target 8 to prepare for a possible removal of 1.6 compatibility- Run fdupes on documentation
* Thu Sep 07 2017 Build with java source and target versions 1.6
* fixes build with jdk9
* Tue Jul 08 2014 Redo the bytcode disabling properly.- Cleanup with spec-cleaner
* Mon Apr 14 2014 disable bytecode test on SLES
* Fri Oct 25 2013 really apply CVE-2012-5783 patch- build with java 6 and higher
* Thu Mar 28 2013 enhance fix of bnc#803332 / CVE-2012-5783
* add a check for subjectAltNames for instance