If you believe you found a vulnerability in Apache HttpClient, please contact the Apache Security Team.