Security Vulnerability CVE-2022-24329 for okhttp 4.9.2 #2358

Eyal-G · 2022-09-05T12:10:02Z

Describe the bug
There is a security vulnerability CVE-2022-24329 for okhttp 4.9.2,
this vulnerability was fixed okhttp-#7217 from 4.10

The fix should be similar to #2099

Client Version
16.0.0

The text was updated successfully, but these errors were encountered:

brendandburns · 2022-09-05T19:44:53Z

Per the discussion in the vulnerability this only effects Kotlin at build time. It does not affect okhttp and it definitely doesn't affect this library, so there's not much urgency to fix this.

If you want to send a PR to update the version, we'll merge the PR and it will be included in the next release. If you want it in a specific release, you can also send cherry-pick PRs once the original PR merges.

Eyal-G · 2022-09-06T20:55:21Z

Thanks @brendandburns for the response.
I agree that the vulnerability does not affect the library,
I will create PR that will bump the okhttp to 4.10.0 for the next release.

Eyal-G · 2022-09-08T05:06:23Z

Closing the issue after merging the code.

Eyal-G changed the title ~~Update okhttp To Resolve CVE-2022-24329~~ Security Vulnerability CVE-2022-24329 for okhttp 4.9.2 Sep 5, 2022

This was referenced Sep 6, 2022

Bump OkHttp From 4.9.2 To 4.10.0 #2360

Closed

Bump OkHttp From 4.9.2 To 4.10.0 #2362

Merged

Eyal-G closed this as completed Sep 8, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Vulnerability CVE-2022-24329 for okhttp 4.9.2 #2358

Security Vulnerability CVE-2022-24329 for okhttp 4.9.2 #2358

Eyal-G commented Sep 5, 2022

brendandburns commented Sep 5, 2022

Eyal-G commented Sep 6, 2022

Eyal-G commented Sep 8, 2022

Security Vulnerability CVE-2022-24329 for okhttp 4.9.2 #2358

Security Vulnerability CVE-2022-24329 for okhttp 4.9.2 #2358

Comments

Eyal-G commented Sep 5, 2022

brendandburns commented Sep 5, 2022

Eyal-G commented Sep 6, 2022

Eyal-G commented Sep 8, 2022