Apache HTTPClient 4.1.1 fixes critical security bug
The Apache HTTPClient library has been updated to version 4.1.1 to close a critical bug in the library which sent the Proxy-Authorization header on to hosts when tunnelling through proxy servers which required authentication.The developers "strongly encourage" all users of HTTPClient 4.0.x and 4.1 to upgrade to the new version. According to the change log, four other non-security bugs were also fixed.
HTTPClient is part of the Apache HTTP Components project which provides enhanced HTTP functionality for Java applications. Designed for use by developers creating HTTP aware client applications, HTTPClient goes beyond the java.net packages to provide a package which is not only efficient but implements the most recent HTTP standards and recommendations.
Version 4.1.1 of HTTPClient is available to download from the Apache Software Foundation site and is, of course, available under the Apache 2 licence.