Upgrade okhttp due to CVE 2021-0341
mjiderhamn opened this issue · comments
Is your feature request related to a problem? Please describe.
okhttp is affected by CVE CVE-2021-0341. It has been fixed in 4.9.1, but does not seem to have been backported to 3.x.
Describe the solution you'd like
Please upgrade okhttp to 4.x.
I think the latest version is already using 4.9.3
: https://github.com/SpectoLabs/hoverfly-java/blob/master/build.gradle#L34
Indeed. Must be something in my dependencyManagement
that overrides this. Sorry about that!