Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade okio to resolve CVE-2023-3635 #8013

Closed
Magamir opened this issue Sep 6, 2023 · 1 comment
Closed

Upgrade okio to resolve CVE-2023-3635 #8013

Magamir opened this issue Sep 6, 2023 · 1 comment
Labels
bug Bug in existing code

Comments

@Magamir
Copy link

Magamir commented Sep 6, 2023

CVE-2023-3635 was reported as a vulnerability of okio which okhttp depends on. As far as I can see, there's no released version of okhttp which uses at least okio 3.4.0 which fixed the vulnerability.

Could you please update okhttp to use a version which includes the fix?

For further reference, see also:

Thank you,
Matthias.
@Magamir Magamir added the bug Bug in existing code label Sep 6, 2023
@yschimke
Copy link
Collaborator

yschimke commented Sep 6, 2023

Dupe of #7994 and #7944

@yschimke yschimke closed this as completed Sep 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Bug in existing code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yschimke @Magamir