You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "James Turton (Jira)" <ji...@apache.org> on 2022/10/17 14:45:00 UTC

[jira] [Updated] (DRILL-8334) Upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies

     [ https://issues.apache.org/jira/browse/DRILL-8334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Turton updated DRILL-8334:
--------------------------------
    Summary: Upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies  (was: upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies)

> Upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies
> ----------------------------------------------------------------------
>
>                 Key: DRILL-8334
>                 URL: https://issues.apache.org/jira/browse/DRILL-8334
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> [https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp]
> It's a fairly minot bump from 4.9.3 to 4.10.0
> okhttp 4.10.0 uses a newer copy of kotlin-stdlib that doesn't have CVEs



--
This message was sent by Atlassian Jira
(v8.20.10#820010)