Update OkHttp To 3.1.2 To Fix Security Vulnerability #3938

bleege · 2016-02-13T19:42:08Z

@swankjesse at Square just posted that they've had a Certificate Pinning vulnerability discovered in OkHttp and that projects using OkHttp should update to 3.1.2 immediately if on the 3.x version of OkHttp like Mapbox is. Mapbox Android SDK is currently on 3.1.1 of OkHttp.

Related Issues:

The text was updated successfully, but these errors were encountered:

tobrun · 2016-02-13T23:58:56Z

Great catch @bleege!

bleege added Android Mapbox Maps SDK for Android telemetry Integration with Mapbox Telemetry libraries labels Feb 13, 2016

bleege self-assigned this Feb 13, 2016

bleege added this to the android-v4.0.0 milestone Feb 13, 2016

bleege changed the title ~~Update OkHttp To 3.1.2 To Fix~~ Update OkHttp To 3.1.2 To Fix Security Vulnerability Feb 13, 2016

bleege added a commit that referenced this issue Feb 13, 2016

[android] #3938 - Upgrading OkHttp to version 3.1.2

97ff6cf

jfirebaugh added the in progress label Feb 13, 2016

bleege mentioned this issue Feb 13, 2016

Upgrading OkHttp to version 3.1.2 #3939

Merged

bleege closed this as completed in #3939 Feb 13, 2016

lucaswoj removed the in progress label Feb 13, 2016

Provide feedback