okhttp 4.9.0 critical vulnerability

See original GitHub issue

Describe the bug: The latest docker image contains okhttp version 4.9.0 which contains a known critical security vulnerability.

To Reproduce: See link above.

Expected behavior: okhttp upgrade to >=4.9.2

Environment (please complete the following information):

  • Strimzi version: 0.27.1 (checked with 0.29.0 as well)
  • Installation method: Helm chart
  • Kubernetes cluster: Various
  • Infrastructure: Various

YAML files and logs: N/A

Additional context: None

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
scholzj commented, Jul 6, 2022

I proposed a new release. If everyone is fine with it, it might be maybe some time next week or something.

0 reactions
cameronwaterman commented, Jul 6, 2022

@scholzj - Thanks for getting that updated. Do you have an ETA on when a new release might be generated - or is this a process I could get the ball rolling on?
