Android: upgrading OkHttp from 4.9.1 to 4.9.2 to fix CVE-2021-0341 (#32968)

owjsub · kelset · commit e896d21ced3c · 2022-01-31T15:21:42.000Z
Summary: Security vulnerability CVE-2021-0341 is present in okhttp 4.9.1. Upgrading to 4.9.2 will resolve the issue. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0341 ## Changelog [Android] [Security] - Upgraded okhttp to 4.9.2 to fix CVE-2021-0341 Pull Request resolved: #32968 Test Plan: Upgrading okhttp 4.9.1 to 4.9.2 should be backwards compatible per https://github.com/square/okhttp/blob/master/CHANGELOG.md#version-492. Should be safe to merge if CircleCI tests pass. Reviewed By: ShikaSD Differential Revision: D33788131 Pulled By: cortinico fbshipit-source-id: e9593a42a8e40a903ee6f529d94c82adcf5d0977 # Conflicts: # ReactAndroid/gradle.properties
diff --git a/ReactAndroid/gradle.properties b/ReactAndroid/gradle.properties
@@ -12,7 +12,7 @@ JUNIT_VERSION=4.12
 
 ANDROIDX_TEST_VERSION=1.1.0
 FRESCO_VERSION=2.5.0
-OKHTTP_VERSION=4.9.1
+OKHTTP_VERSION=4.9.2
 SO_LOADER_VERSION=0.10.1
 
 BOOST_VERSION=1_63_0
diff --git a/ReactAndroid/src/main/third-party/java/okhttp/BUCK b/ReactAndroid/src/main/third-party/java/okhttp/BUCK
@@ -30,8 +30,8 @@ rn_prebuilt_jar(
 
 fb_native.remote_file(
     name = "okhttp3-binary.jar",
-    sha1 = "51215279c3fe472c59b6b7dd7491e6ac2e28a81b",
-    url = "mvn:com.squareup.okhttp3:okhttp:jar:4.9.1",
+    sha1 = "5302714ee9320b64cf65ed865e5f65981ef9ba46",
+    url = "mvn:com.squareup.okhttp3:okhttp:jar:4.9.2",
 )
 
 rn_prebuilt_jar(
@@ -41,6 +41,6 @@ rn_prebuilt_jar(
 
 fb_native.remote_file(
     name = "okhttp3-urlconnection-binary.jar",
-    sha1 = "f45e809215bd0961350148cf5b78707865084e6f",
-    url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:4.9.1",
+    sha1 = "3b9e64d3d56370bc7488ed8b336d17a8013cb336",
+    url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:4.9.2",
 )
