Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ Security ] - Bump OkHttp version to 4.9.2 #130

Closed
mknowlton89 opened this issue Aug 5, 2024 · 3 comments
Closed

[ Security ] - Bump OkHttp version to 4.9.2 #130

mknowlton89 opened this issue Aug 5, 2024 · 3 comments

Comments

@mknowlton89
Copy link

Based on CVE-2023-0833 - There is a security vulnerability affecting Square's OKHttp, which the Kotlin SDK appears to use.

Description of the vulnerability
"A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions."

According to this thread - this was resolved in version 4.9.2.
@vazarkevych
Copy link
Collaborator

Hi, @mknowlton89. Thank you for providing the info, we will update the version of it.

@Bohdan-Kim
Copy link
Contributor

The pull request was created according to this issue.

vazarkevych added a commit that referenced this issue Aug 22, 2024
@vazarkevych
Merge pull request #131 from /issues/130
776a9e2 
Issue #130
@Bohdan-Kim
Copy link
Contributor

NetworkDispatcherOkHttp v1.0.1 is available on Maven repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mknowlton89 @vazarkevych @Bohdan-Kim