NET-A-PORTER / scala-uri

Simple scala library for building and parsing URIs

update spray-json to avoid vulnerability #128

Closed johnduffell closed 4 years ago

johnduffell commented 4 years ago

1.3.2 is vulnerable to two DoS attacks; 1.3.5, which is not vulnerable, has been released for many months, so it should be reliable. See these for more details:
https://app.snyk.io/vuln/SNYK-JAVA-IOSPRAY-474271
https://app.snyk.io/vuln/SNYK-JAVA-IOSPRAY-474269

theon commented 4 years ago

Hi! I've been maintaining a more up-to-date fork of scala-uri over at https://github.com/lemonlabsuk/scala-uri so I would recommend migrating over to that if possible. The fork over there no longer has a dependency on spray-json.

johnduffell commented 4 years ago

Thanks for the quick reply @theon! I have migrated to the updated version with only one small code change other than imports (we were building a URL "http://localhost/" / "something/else" and not expecting the slash to be encoded). Closing this PR.