google-maps-services-java icon indicating copy to clipboard operation
google-maps-services-java copied to clipboard
verified publisher icon googlemaps

fix: Downgrade OkHttp 5.0.0-alpha.7 -> 4.10.0

Open Stephan202 opened this issue 3 years ago • 1 comments

This change partially reverts the upgrade performed in #829, and is an alternative fix for #816. OkHttp 4.10.0 depends on Kotlin 1.6.20, which is not vulnerable to CVE-2020-29582.

This downgrade also resolves #832.

See:

  • https://square.github.io/okhttp/changelogs/changelog_4x/#version-4100
  • https://nvd.nist.gov/vuln/detail/CVE-2020-29582

Stephan202 avatar Jun 22 '22 20:06 Stephan202

A release with this change would help us, as our build enforces requireUpperBoundDeps. If we explicitly downgrade OkHttp to avoid an alpha release (which we don't want to use in production) then the maven-enforcer-plugin complains.

Stephan202 avatar Jun 22 '22 20:06 Stephan202

:tada: This PR is included in version 2.1.1 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

googlemaps-bot avatar Oct 18 '22 20:10 googlemaps-bot