Upgrade okhttp due to CVE 2021-0341

Question

Upgrade okhttp due to CVE 2021-0341

mjiderhamn opened this issue 2 years ago · comments

Is your feature request related to a problem? Please describe.
okhttp is affected by CVE CVE-2021-0341. It has been fixed in 4.9.1, but does not seem to have been backported to 3.x.

Describe the solution you'd like
Please upgrade okhttp to 4.x.

Tommy Situ · Answer 1 · Wed May 25 2022 21:29:48 GMT+0800 (China Standard Time)

I think the latest version is already using 4.9.3: https://github.com/SpectoLabs/hoverfly-java/blob/master/build.gradle#L34

Mattias Jiderhamn · Answer 2 · Thu May 26 2022 16:11:05 GMT+0800 (China Standard Time)

Indeed. Must be something in my dependencyManagement that overrides this. Sorry about that!