okhttp 4.9.0 critical vulnerability
Describe the bug
The latest docker image contains okhttp version 4.9.0 which contains a known critical security vulnerability.
To Reproduce
See link above.
Expected behavior
okhttp upgrade to >=4.9.2
Environment (please complete the following information):
- Strimzi version: 0.27.1 (checked with 0.29.0 as well)
- Installation method: Helm chart
- Kubernetes cluster: Various
- Infrastructure: Various
YAML files and logs
N/A
Additional context
None
Issue Analytics
- State:
- Created a year ago
- Comments: 5 (3 by maintainers)
Top Results From Across the Web
com.squareup.okhttp3:okhttp 4.9.0 vulnerabilities - Snyk
Affected versions of this package are vulnerable to Information Exposure. When there's an illegal character in a header value, an IllegalArgumentException is ...
Top GitHub Comments
I proposed a new release. If everyone is fine with it, it might be maybe some time next week or something.
@scholzj - Thanks for getting that updated. Do you have an ETA on when a new release might be generated - or is this a process I could get the ball rolling on?