Android: upgrading OkHttp from 4.9.1 to 4.9.2 to fix CVE-2021-0341 (#…

…32968) Summary: Security vulnerability CVE-2021-0341 is present in okhttp 4.9.1. Upgrading to 4.9.2 will resolve the issue. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0341 ## Changelog [Android] [Security] - Upgraded okhttp to 4.9.2 to fix CVE-2021-0341 Pull Request resolved: #32968 Test Plan: Upgrading okhttp 4.9.1 to 4.9.2 should be backwards compatible per https://github.com/square/okhttp/blob/master/CHANGELOG.md#version-492. Should be safe to merge if CircleCI tests pass. Reviewed By: ShikaSD Differential Revision: D33788131 Pulled By: cortinico fbshipit-source-id: e9593a42a8e40a903ee6f529d94c82adcf5d0977
facebook · Jan 27, 2022 · d6db5c5 · d6db5c5
1 parent 12a6742
commit d6db5c5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/ReactAndroid/gradle.properties b/ReactAndroid/gradle.properties
@@ -12,7 +12,7 @@ JUNIT_VERSION=4.12
 
 ANDROIDX_TEST_VERSION=1.1.0
 FRESCO_VERSION=2.5.0
-OKHTTP_VERSION=4.9.1
+OKHTTP_VERSION=4.9.2
 SO_LOADER_VERSION=0.10.3
 
 BOOST_VERSION=1_63_0

diff --git a/ReactAndroid/src/main/third-party/java/okhttp/BUCK b/ReactAndroid/src/main/third-party/java/okhttp/BUCK
@@ -30,8 +30,8 @@ rn_prebuilt_jar(
 
 fb_native.remote_file(
     name = "okhttp3-binary.jar",
-    sha1 = "51215279c3fe472c59b6b7dd7491e6ac2e28a81b",
-    url = "mvn:com.squareup.okhttp3:okhttp:jar:4.9.1",
+    sha1 = "5302714ee9320b64cf65ed865e5f65981ef9ba46",
+    url = "mvn:com.squareup.okhttp3:okhttp:jar:4.9.2",
 )
 
 rn_prebuilt_jar(
@@ -41,6 +41,6 @@ rn_prebuilt_jar(
 
 fb_native.remote_file(
     name = "okhttp3-urlconnection-binary.jar",
-    sha1 = "f45e809215bd0961350148cf5b78707865084e6f",
-    url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:4.9.1",
+    sha1 = "3b9e64d3d56370bc7488ed8b336d17a8013cb336",
+    url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:4.9.2",
 )