Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update okhttp from 3.6.0 (due to security issues) #1153

Closed
svenhaag opened this issue Jan 9, 2020 · 2 comments
Closed

Update okhttp from 3.6.0 (due to security issues) #1153

svenhaag opened this issue Jan 9, 2020 · 2 comments
Labels
security CVE and other security related tasks
Milestone
10.7.3

Comments

@svenhaag
Copy link
Contributor

svenhaag commented Jan 9, 2020

Currently okhttp 3.6.0 is used which is from January 2017. Please update to a newer version as it has some serious security issues.

See:
Maven Central
and
CVE
@kdavisk6
Copy link
Member

Understood, however, users are free to override our default versions as they please.

Please feel free to open a PR with this dependency change if you like. Otherwise, I'll add this to our like of small changes and add it to 10.8

@kdavisk6 kdavisk6 added the security CVE and other security related tasks label Jan 13, 2020
@kdavisk6 kdavisk6 added this to the 10.8 milestone Jan 13, 2020
@svenhaag svenhaag mentioned this issue Jan 14, 2020
Merged
@kdavisk6
Copy link
Member

Closed by #1158

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security CVE and other security related tasks
Projects
None yet
Milestone
10.7.3
Development

No branches or pull requests
2 participants
@svenhaag @kdavisk6