oss-sec mailing list archives

CVE-2020-17514: Apache Fineract: Disabled hostname verification for HTTPS


From: James Dailey <jamespdailey () gmail com>
Date: Thu, 27 May 2021 07:18:08 -0700

The Apache Fineract project announces the release of 1.5.0, which, among other things, fixes this issue.

*CVE-2020-17514: Disabled hostname verification for HTTPS*

[DESCRIPTION]:

*Critical*: Apache Fineract disables HTTPS hostname verification in
`ProcessorHelper` in the `configureClient` method.

Because the client no longer checks that the server certificate matches the host it is connecting to, a man-in-the-middle attack could be successful under typical deployments.
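To make the defect concrete for reviewers, the following is an added illustration (not Fineract's own `ProcessorHelper` code, and it assumes plain `HttpsURLConnection` rather than whatever HTTP client the project uses): it shows the weak pattern that disables hostname verification next to the hardened form that keeps the JDK default, plus a small runtime check that flags a verifier which accepts an obviously wrong name. The hostname `mismatched.invalid` is a constructed probe value.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import java.io.IOException;
import java.net.URL;

public class HostnameVerificationExample {

    // WEAK: the pattern behind "disabled hostname verification". Any hostname is
    // accepted, so a certificate issued for some other name still passes and an
    // on-path attacker holding any CA-issued certificate can impersonate the server.
    static HostnameVerifier permissiveVerifier() {
        return (hostname, session) -> true;
    }

    // HARDENED: leave the JDK default in place. HttpsURLConnection matches the
    // certificate against the requested host during the TLS handshake and only
    // falls back to the HostnameVerifier on mismatch; the default verifier
    // rejects every such fallback.
    static HttpsURLConnection openHardened(String url) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        // Deliberately no conn.setHostnameVerifier(...) call: overriding it with a
        // permissive verifier is exactly the defect this advisory describes.
        return conn;
    }

    // Audit check: a verifier that says "yes" to a constructed, obviously wrong
    // hostname with no session data is effectively switched off. The JDK default
    // returns false here; the permissive lambda above returns true.
    static boolean acceptsAnyHostname(HostnameVerifier verifier) {
        return verifier.verify("mismatched.invalid", null);
    }

    public static void main(String[] args) {
        System.out.println("permissive verifier accepts any host: "
                + acceptsAnyHostname(permissiveVerifier()));
        System.out.println("JDK default verifier accepts any host: "
                + acceptsAnyHostname(HttpsURLConnection.getDefaultHostnameVerifier()));
    }
}
```

The `acceptsAnyHostname` probe is useful in a unit test that guards the client factory: run it against the verifier the factory actually installs, and fail the build if it returns true. It complements, rather than replaces, a code search for `HostnameVerifier` implementations or `TrustManager` overrides that unconditionally return success.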

*Release branch*: The fix is available at
https://github.com/apache/fineract/tree/1.5.0.

*Acknowledgements*: We would like to thank Simon Gerst at
https://github.com/intrigus-lgtm for reporting this issue, and the *Apache
Security team* for their assistance.
Reported to security team: 15 October 2020
Fixed: 19 October 2020
Update released: 23 May 2021
Issue public: 26 May 2021
Affects: 0.4.0-incubating, 0.5.0-incubating, 0.6.0-incubating, 1.0.0, 1.1.0,
1.2.0, 1.3.0, 1.4.0

[REFERENCES]:

https://issues.apache.org/jira/browse/FINERACT-1211
