From e896d21ced3c0c917c2fc0044d2b93b44df9a081 Mon Sep 17 00:00:00 2001 From: owjsub Date: Thu, 27 Jan 2022 07:05:14 -0800 Subject: [PATCH] Android: upgrading OkHttp from 4.9.1 to 4.9.2 to fix CVE-2021-0341 (#32968) Summary: Security vulnerability CVE-2021-0341 is present in okhttp 4.9.1. Upgrading to 4.9.2 will resolve the issue. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0341 ## Changelog [Android] [Security] - Upgraded okhttp to 4.9.2 to fix CVE-2021-0341 Pull Request resolved: https://github.com/facebook/react-native/pull/32968 Test Plan: Upgrading okhttp 4.9.1 to 4.9.2 should be backwards compatible per https://github.com/square/okhttp/blob/master/CHANGELOG.md#version-492. Should be safe to merge if CircleCI tests pass. Reviewed By: ShikaSD Differential Revision: D33788131 Pulled By: cortinico fbshipit-source-id: e9593a42a8e40a903ee6f529d94c82adcf5d0977 # Conflicts: # ReactAndroid/gradle.properties --- ReactAndroid/gradle.properties | 2 +- ReactAndroid/src/main/third-party/java/okhttp/BUCK | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ReactAndroid/gradle.properties b/ReactAndroid/gradle.properties index 7d34bec5234d77..b4974783ed8a13 100644 --- a/ReactAndroid/gradle.properties +++ b/ReactAndroid/gradle.properties @@ -12,7 +12,7 @@ JUNIT_VERSION=4.12 ANDROIDX_TEST_VERSION=1.1.0 FRESCO_VERSION=2.5.0 -OKHTTP_VERSION=4.9.1 +OKHTTP_VERSION=4.9.2 SO_LOADER_VERSION=0.10.1 BOOST_VERSION=1_63_0 diff --git a/ReactAndroid/src/main/third-party/java/okhttp/BUCK b/ReactAndroid/src/main/third-party/java/okhttp/BUCK index 62813049874d1f..f9fb068058c38e 100644 --- a/ReactAndroid/src/main/third-party/java/okhttp/BUCK +++ b/ReactAndroid/src/main/third-party/java/okhttp/BUCK @@ -30,8 +30,8 @@ rn_prebuilt_jar( fb_native.remote_file( name = "okhttp3-binary.jar", - sha1 = "51215279c3fe472c59b6b7dd7491e6ac2e28a81b", - url = "mvn:com.squareup.okhttp3:okhttp:jar:4.9.1", + sha1 = "5302714ee9320b64cf65ed865e5f65981ef9ba46", + url = "mvn:com.squareup.okhttp3:okhttp:jar:4.9.2", ) rn_prebuilt_jar( @@ -41,6 +41,6 @@ rn_prebuilt_jar( fb_native.remote_file( name = "okhttp3-urlconnection-binary.jar", - sha1 = "f45e809215bd0961350148cf5b78707865084e6f", - url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:4.9.1", + sha1 = "3b9e64d3d56370bc7488ed8b336d17a8013cb336", + url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:4.9.2", )