socketio / socket.io-client-java

Full-featured Socket.IO Client Library for Java, which is compatible with Socket.IO v1.0 and later.
https://socketio.github.io/socket.io-client-java/installation.html

OkHttp vulnerability issues in Socket.io client dependency #722

Open shivamsharma2710 opened 1 year ago

shivamsharma2710 commented 1 year ago

The Socket.IO library has two vulnerabilities which come from its internal OkHttp dependency. I've used the latest socket.io v2.1.0, which uses a very old version, 3.12.12, of OkHttp.

Following are the vulnerabilities:

  1. Improper Certificate Validation

  2. Information Exposure

Please give an estimate of when you're planning to fix these vulnerabilities.

PFA the complete vulnerability report,

[Screenshot attachment: vulnerability report, 2022-10-12]
shivamsharma2710 commented 1 year ago

@darrachequesne Please give an ETA for when the new release with this fix will be coming out.
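Until the library itself bumps OkHttp, a consuming application can raise the transitive version on its own side and fail the build if an old one ever resolves again. The build script below is an added example, not code from the socket.io-client-java project or from the issue author. It assumes a Gradle project using the Kotlin DSL, the Maven coordinates `io.socket:socket.io-client` and `com.squareup.okhttp3:okhttp`, and a fixed OkHttp version of `3.12.13` as a placeholder; confirm the version to adopt against the advisories your scanner actually reports, since the issue does not name them.

```kotlin
// build.gradle.kts (Kotlin DSL). Added example; not the project's own build script.
// Assumption: the app consumes socket.io-client 2.1.0, which resolves okhttp 3.12.12
// transitively (the version cited in the issue).
plugins {
    java
}

repositories {
    mavenCentral()
}

// Assumed fix version (placeholder): verify against the advisory before relying on it.
val okhttpFixedVersion = "3.12.13"

dependencies {
    // Pulls in okhttp 3.12.12 transitively.
    implementation("io.socket:socket.io-client:2.1.0")

    // A dependency constraint raises the transitive okhttp to the fixed version
    // without making okhttp a direct dependency of the application. It only
    // raises versions; it never downgrades a newer one another library needs.
    constraints {
        implementation("com.squareup.okhttp3:okhttp:$okhttpFixedVersion") {
            because(
                "socket.io-client 2.1.0 resolves okhttp 3.12.12, flagged for " +
                "improper certificate validation and information exposure"
            )
        }
    }
}

// Numeric, segment-wise version comparison ("3.12.13" >= "3.12.12"), so that
// a plain string compare cannot be fooled by "3.9" vs "3.12".
fun versionParts(v: String): List<Int> =
    v.split(".").map { it.takeWhile(Char::isDigit).toIntOrNull() ?: 0 }

fun isAtLeast(actual: String, wanted: String): Boolean {
    val a = versionParts(actual)
    val w = versionParts(wanted)
    for (i in 0 until maxOf(a.size, w.size)) {
        val x = a.getOrElse(i) { 0 }
        val y = w.getOrElse(i) { 0 }
        if (x != y) return x > y
    }
    return true
}

// Guard rail: inspect what actually resolved on the runtime classpath and fail
// the build if okhttp is older than the fixed version, so a later dependency
// change cannot silently reintroduce the vulnerable 3.12.12.
tasks.register("verifyOkHttp") {
    group = "verification"
    description = "Fails if the resolved okhttp is older than okhttpFixedVersion"
    doLast {
        val okhttp = configurations.getByName("runtimeClasspath")
            .resolvedConfiguration.resolvedArtifacts
            .map { it.moduleVersion.id }
            .firstOrNull { it.group == "com.squareup.okhttp3" && it.name == "okhttp" }
            ?: error("okhttp is not on the runtime classpath")
        require(isAtLeast(okhttp.version, okhttpFixedVersion)) {
            "okhttp ${okhttp.version} resolved; expected >= $okhttpFixedVersion"
        }
        println("okhttp ${okhttp.version} resolved (>= $okhttpFixedVersion)")
    }
}

// Run the guard as part of the normal `check` lifecycle (and therefore `build`).
tasks.named("check") {
    dependsOn("verifyOkHttp")
}
```

Run `./gradlew verifyOkHttp` to confirm the resolved version, or `./gradlew dependencies --configuration runtimeClasspath` to see the full tree with the constraint applied. The constraint is a mitigation on the consumer's side only: it does not change what the library declares, and a 3.12.x pin should be re-checked whenever the scanner report or the library's own OkHttp version changes.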