Update OpenShift REST client to fix a critical vulnerability on the transitive dependency com.squareup.okhttp3:okhttp #14641
Labels
area/dependencies
kind/cve
Issues identified as CVEs on third-party dependencies, or issues which Keycloak is not affected
Overview
com.squareup.okhttp3:okhttp is an HTTP & HTTP/2 client for Android and Java applications and a transitive dependency coming from OpenShift REST Client.
Affected versions of this package are vulnerable to Information Exposure. When there's an illegal character in a header value, an IllegalArgumentException is thrown whose message includes the full header value.
Remediation
Upgrade OpenShift REST Client. It fixed this in the 9.0.5.Final release, which can be a breaking change for us.
References
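The exposure described in the Overview matters most when the rejected value is a credential and the exception message ends up in logs. The following is an added example, not code from Keycloak, OkHttp or the OpenShift REST Client: it shows a caller-side check that rejects a bad header value with a message naming only the header, the position and the character code. The class name `SafeHeaders`, the sample token and the character rule (tab and printable ASCII only) are assumptions for illustration, and the code uses only the JDK.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: validate header values before they are handed to an HTTP client. */
public class SafeHeaders {

    /** Index of the first character outside tab / printable ASCII, or -1 if the value is clean. */
    static int firstIllegalChar(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // Assumed rule: control characters (except tab) and DEL or above are rejected.
            if ((c < 0x20 && c != '\t') || c >= 0x7f) {
                return i;
            }
        }
        return -1;
    }

    /** Stores the header, or throws with a message that never contains the value. */
    static void put(Map<String, String> headers, String name, String value) {
        int i = firstIllegalChar(value);
        if (i >= 0) {
            throw new IllegalArgumentException(String.format(
                "Illegal char 0x%02x at index %d in %s header value (value withheld)",
                (int) value.charAt(i), i, name));
        }
        headers.put(name, value);
    }

    public static void main(String[] args) {
        // Constructed sample: a token read from a file with its trailing newline left on.
        String token = "Bearer constructed-sample-token\n";
        Map<String, String> headers = new LinkedHashMap<>();
        put(headers, "Accept", "application/json");
        try {
            put(headers, "Authorization", token);
        } catch (IllegalArgumentException e) {
            // The message can be logged: it carries no part of the credential.
            System.out.println(e.getMessage());
            System.out.println("message contains token: "
                + e.getMessage().contains("constructed-sample-token"));
        }
        System.out.println("accepted headers: " + headers.keySet());
    }
}
```

A check like this only limits what the caller's own code can leak; the dependency upgrade in the Remediation section is still what removes the vulnerable code path.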