gwtproject / gwt

GWT Open Source Project

Home Page: http://www.gwtproject.org

Upgrade to HtmlUnit 3.9.0 or 4.1.0

Lonzak opened this issue

Using GWT 2.10.1 (2.11.0 has the same issue).

The current version of htmlunit has a security vulnerability. Since it is a unit test, it shouldn't be critical; however, tools report it, so there is always a discussion with the security guys which could be avoided.

Note that there was a switch in the groupid (old , new . Changes can be found here)

We should upgrade to at least version 3.9.0 or higher:

<dependency>
    <groupId>org.htmlunit</groupId>
    <artifactId>htmlunit</artifactId>
    <version>4.1.0</version>
</dependency>

Please excuse my limited knowledge in GWT - but is htmlunit necessary during runtime?

Thanks for the report - but hopefully no one is using GWTTestCase to browse sites you don't control and trust?

No, htmlunit is present in gwt-dev, so only present during compilation or running tests, and only used to test your own test cases (and any page your test directs the simulated browser to).

When updating, we should also enable the fetch() polyfill https://htmlunit.sourceforge.io/webclient.html#Fetch_API_Polyfill