You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The last version of the Okhttp 3, the version v3.14.9, uses Okio version 1.17.2.
Okio 1.17.2 has been marked vulnerable with the vulnerability :- https://nvd.nist.gov/vuln/detail/CVE-2023-3635
Hence, we're planning to upgrade to the latest Okio version 3.5.0. But we currently don't need to upgrade okhttp3, and hence we don't want to. Since Upgrading okhttp 3 to Okhttp 4 seems to have additional challenges, we want to stick to okhttp 3 for now.
The query I have is that if we keep using okhttp 3, and upgrade okio to the latest version 3.5.0, would there be a compatibility issue between okhttp3 and okio? Currently we use okhttp 3.13.0 in our application.
The text was updated successfully, but these errors were encountered:
The last version of the Okhttp 3, the version v3.14.9, uses Okio version 1.17.2.
Okio 1.17.2 has been marked vulnerable with the vulnerability :- https://nvd.nist.gov/vuln/detail/CVE-2023-3635
Hence, we're planning to upgrade to the latest Okio version 3.5.0. But we currently don't need to upgrade okhttp3, and hence we don't want to. Since Upgrading okhttp 3 to Okhttp 4 seems to have additional challenges, we want to stick to okhttp 3 for now.
The query I have is that if we keep using okhttp 3, and upgrade okio to the latest version 3.5.0, would there be a compatibility issue between okhttp3 and okio? Currently we use okhttp 3.13.0 in our application.
The text was updated successfully, but these errors were encountered: