We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Are there any plans to upgrade engine.io-client-java to OkHttp 4.x?
The latest version of the Engine.IO client still depends on OkHttp 3.12.12, which is no longer supported, including security patches (ending 31 December 2021).
Moreover, OkHttp has been impacted by CVE-2021-0341 and whilst explaining that this is not realistically exploitable, the maintainers have fixed the issue in OkHttp 4.x but are not backporting the fix to 3.x.
This leaves any users of engine.io-client-java (and by extension, socket.io-client-java) flagging this "high severity" CVE in any dependency scans.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Are there any plans to upgrade engine.io-client-java to OkHttp 4.x?
The latest version of the Engine.IO client still depends on OkHttp 3.12.12, which is no longer supported, including security patches (ending 31 December 2021).
Moreover, OkHttp has been impacted by CVE-2021-0341 and whilst explaining that this is not realistically exploitable, the maintainers have fixed the issue in OkHttp 4.x but are not backporting the fix to 3.x.
This leaves any users of engine.io-client-java (and by extension, socket.io-client-java) flagging this "high severity" CVE in any dependency scans.
The text was updated successfully, but these errors were encountered: