okhttp update to 4.9.2 #29726
Labels
status: invalid
An issue that we don't feel is valid
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
@meier-th please search the issue tracker before raising issues like this. There is already a conversation about oktthp 4. |
snicoll
added
status: invalid
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
okhttp library is vulnerable to an information disclosure issue due to how the contents of sensitive headers, such as the Authorization header, can be logged when an IllegalArgumentException is thrown.
This issue could allow an attacker or malicious user who has access to the logs to obtain the sensitive contents of the affected headers which could facilitate further attacks.
Fixed in 5.0.0-alpha3 by this commit. The fix was cherry-picked and backported into 4.9.2 with this commit.
Requesting you to clarify if this dependency will be updated to a fixed version in the following releases
The text was updated successfully, but these errors were encountered: