Updated spring-framework to 5.3.33 and okhttp to 4.12.0 #447

corneil · 2024-04-12T15:11:45Z

No description provided.

onobc · 2024-04-16T19:20:42Z

spring-cloud-deployer-cloudfoundry/pom.xml

@@ -18,7 +18,7 @@
 		<cloudfoundry-java-lib.version>4.16.0.RELEASE</cloudfoundry-java-lib.version>
 		<pivotal-cf-client-reactor.version>2.2.0.RELEASE</pivotal-cf-client-reactor.version>
 		<commons-compress.version>1.26.0</commons-compress.version>
-		<okhttp.version>3.14.9</okhttp.version>
+		<okhttp.version>4.12.0</okhttp.version>


Wrt "Should we bump major from 3.x to 4.x?"...

On the surface, the 4.x changelog looks scary. However, the reality is that they have spent a lot of time and energy (their words) on keeping 4.x compatible w/ 3.x (details.

I am much less concerned of the risk at this point. However, what is the reward for doing this? CVE patch?

Latest 3.x contains vulnerabilities.

Updated spring-framework to 5.3.33 and okhttp to 4.12.0

0ee139d

corneil requested review from cppwfs and onobc April 12, 2024 15:11

onobc reviewed Apr 16, 2024

View reviewed changes

cppwfs merged commit 0bb15f3 into 2.9.x May 3, 2024
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updated spring-framework to 5.3.33 and okhttp to 4.12.0 #447

Updated spring-framework to 5.3.33 and okhttp to 4.12.0 #447

corneil commented Apr 12, 2024

onobc Apr 16, 2024

corneil Apr 17, 2024

Updated spring-framework to 5.3.33 and okhttp to 4.12.0 #447

Updated spring-framework to 5.3.33 and okhttp to 4.12.0 #447

Conversation

corneil commented Apr 12, 2024

onobc Apr 16, 2024

Choose a reason for hiding this comment

corneil Apr 17, 2024

Choose a reason for hiding this comment