Closed
Description
The 1.28.0-update for the legacy Google-Apache-Http-Client downgraded it to 4.2.6.
Was this downgrade really neccessary?
According to snyk.io, the downgrade introduced 3 "new" vulnerabilities.
I was upgrading from version 1.27.0 to the newest one, because the vulnerability with the old Guava version is gone now, but it isn't worth staying up-to-date, when there are 3 new ones.
P.S. Sorry for not filling out the Issue Template, but I don't think, that it is neccessary for just this question.