square / okio

A modern I/O library for Android, Java, and Kotlin Multiplatform.

Home Page: https://square.github.io/okio/

CVE-2023-3635

AD2076 opened this issue

All versions but 3.4.0 are affected. I am on 2.10.0, can I expect 2.10.1?

Yes, it is a high finding in terms of security.

Don’t read 3.0 as a major upgrade over 2.0. This is what the release notes say:

This is the first stable release of Okio 3.x. This release is strongly backwards-compatible with Okio 2.x, and the new major version signifies new capabilities more than it does backwards incompatibility.

Most users should be able to upgrade from 2.x by just changing the version. If you’re using Okio in a Kotlin Multiplatform project, you’ll need to drop the -multiplatform suffix in your Gradle dependencies.

(We bumped the version because we were so excited about our new file system API.)