micro-integrator icon indicating copy to clipboard operation
micro-integrator copied to clipboard

Published 20 hours ago verified publisher icon wso2

Update the kotlin stdlib version used in the okhttp/okio jar

Open gayaldassanayake opened this issue 8 months ago • 3 comments

Current Limitation

The okhttp_4.9.3.wso2v4.jar from wso2/orbit is used inside <MI_HOME>/wso2/components/plugins directory. This jar depends the following jars.

kotlin-stdlib-1.8.10.jar kotlin-stdlib-common-1.8.10.jar

kotlin-stdlib-1.8.10.jar has a low level vulnarability. This has been a concern for a customer.

Suggested Improvement

The Kotlin vulnarability has been fixed with 2.1.0 and above. So bumping the kotlin version to latest 2.1.10 should be adequate to fix the issue.

Version

4.3.2

gayaldassanayake avatar Feb 11 '25 07:02 gayaldassanayake