open-webrtc-toolkit / owt-client-android

Open WebRTC Toolkit client SDK for Android applications.
https://01.org/open-webrtc-toolkit
Apache License 2.0
194 stars 96 forks

upgrade dependency lib to fix CVE-2018-20200 #251

Closed inteltiger closed 3 years ago

inteltiger commented 3 years ago

io.socket:socket.io-client:1.0.0 depends on okhttp 3.8.1. okhttp 3.8.1 has security vulnerability CVE-2018-20200.

Upgrade to io.socket:socket.io-client:1.0.1, which depends on okhttp 3.12.12, fixing the vulnerability.

Signed-off-by: Tiger Meng xiao.xi.meng@intel.com

inteltiger commented 3 years ago

Security scan report before patch: https://bdba001.icloud.intel.com/products/768835/#/analysis

Security scan report after patch: https://bdba001.icloud.intel.com/products/770668/#/analysis
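An added example, not part of this PR or the project's code: a local check for the situation described above, where okhttp arrives transitively through socket.io-client. It parses constructed `gradle dependencies` output and flags okhttp nodes that resolve below 3.12.12, the version the PR description names as fixed. `com.example:other-lib`, its 3.6.0 request and the function names are assumptions.

```python
import re

TARGET = "com.squareup.okhttp3:okhttp"
MIN_FIXED = (3, 12, 12)  # assumption: threshold taken from the PR description

# Constructed samples in the layout of `gradle dependencies` output.
BEFORE = """\
+--- io.socket:socket.io-client:1.0.0
|    \\--- com.squareup.okhttp3:okhttp:3.8.1
\\--- com.example:other-lib:2.0.0
     \\--- com.squareup.okhttp3:okhttp:3.6.0 -> 3.8.1 (*)
"""
AFTER = """\
+--- io.socket:socket.io-client:1.0.1
|    \\--- com.squareup.okhttp3:okhttp:3.12.12
\\--- com.example:other-lib:2.0.0
     \\--- com.squareup.okhttp3:okhttp:3.6.0 -> 3.12.12 (*)
"""

# indent, branch marker, group:artifact, requested version, optional "-> resolved"
LINE = re.compile(
    r"^(?P<indent>[| ]*)[+\\]--- (?P<ga>[^:\s]+:[^:\s]+):(?P<req>\S+)(?: -> (?P<res>\S+))?"
)

def version_key(version):
    """Turn '3.12.12' into (3, 12, 12) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version)[:3])

def find_vulnerable(tree, target=TARGET, min_fixed=MIN_FIXED):
    """Return (dependency path, resolved version) for each target node below min_fixed."""
    findings, stack = [], []
    for line in tree.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        depth = len(m["indent"]) // 5    # Gradle indents five columns per level
        resolved = m["res"] or m["req"]  # "a -> b" means b is what actually ships
        del stack[depth:]                # drop siblings and deeper nodes
        stack.append(f"{m['ga']}:{resolved}")
        if m["ga"] == target and version_key(resolved) < min_fixed:
            findings.append((" > ".join(stack), resolved))
    return findings

if __name__ == "__main__":
    for path, version in find_vulnerable(BEFORE):
        print(f"okhttp {version} below fixed version via: {path}")
```

The path in each finding shows which direct dependency pulls in the old okhttp, which is the library to upgrade or constrain.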

daijh commented 3 years ago

@taste1981 please help to review