From c0f7c844af9bfc6a37ad6b33a0386b44e20bfe38 Mon Sep 17 00:00:00 2001
From: Ihor Prysiazhnyi
Date: Thu, 28 Mar 2024 17:47:38 +0200
Subject: [PATCH] [API-7599] Bumps OktHttp and Okio libs to fix CVE-2023-3635
---
 CHANGES.MD | 4 ++++
 README.md | 4 ++--
 build.gradle | 6 +++---
 src/main/java/com/siftscience/Constants.java | 2 +-
 src/test/java/com/siftscience/SiftRequestTest.java | 2 +-
 5 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/CHANGES.MD b/CHANGES.MD
index a5dfd9d..43f0243 100644
--- a/CHANGES.MD
+++ b/CHANGES.MD
@@ -1,3 +1,7 @@
+3.13.1 (2024-03-28)
+=================
+- Upgrade OkHttp to [4.12.0](https://square.github.io/okhttp/changelogs/changelog_4x/#version-4120) and Okio to [3.6.0](https://square.github.io/okhttp/changelogs/changelog_4x/#version-4120 ) to fix transitive vulnerability [CVE-2023-3635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635)
+
 3.13.0 (2023-09-19)
 =================
 - Add support for score percentiles in score API
diff --git a/README.md b/README.md
index 2c35b26..16554d7 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Java 1.7 or later. com.siftscience sift-java
- 3.13.0
+ 3.13.1
 ```
 ### Gradle
 ```
 dependencies {
- compile 'com.siftscience:sift-java:3.13.0'
+ compile 'com.siftscience:sift-java:3.13.1'
 }
 ```
 ### Other
diff --git a/build.gradle b/build.gradle
index c303947..30dfba5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,7 @@ apply plugin: 'signing'
 apply plugin: 'java-library-distribution'
 group = 'com.siftscience'
-version = '3.13.0'
+version = '3.13.1'
 repositories {
 mavenCentral()
@@ -26,8 +26,8 @@ dependencies {
 testCompile group: 'com.squareup.okhttp3', name: 'mockwebserver', version: '4.10.0'
 testCompile group: 'org.hamcrest', name: 'hamcrest-library', version: '1.3'
 compile 'com.google.code.gson:gson:2.10'
- compile 'com.squareup.okhttp3:okhttp:4.10.0'
- compile 'com.squareup.okio:okio:3.2.0'
+ compile 'com.squareup.okhttp3:okhttp:4.12.0'
+ compile 'com.squareup.okio:okio:3.6.0'
 compile 'commons-codec:commons-codec:1.15'
 }
diff --git a/src/main/java/com/siftscience/Constants.java b/src/main/java/com/siftscience/Constants.java
index 1b1f344..354ad46 100644
--- a/src/main/java/com/siftscience/Constants.java
+++ b/src/main/java/com/siftscience/Constants.java
@@ -3,6 +3,6 @@ public class Constants {
 public static final String API_VERSION = "v205";
- public static final String LIB_VERSION = "3.13.0";
+ public static final String LIB_VERSION = "3.13.1";
 public static final String USER_AGENT_HEADER = String.format("SiftScience/%s sift-java/%s", API_VERSION, LIB_VERSION);
 }
diff --git a/src/test/java/com/siftscience/SiftRequestTest.java b/src/test/java/com/siftscience/SiftRequestTest.java
index fba825e..11f2ec2 100644
--- a/src/test/java/com/siftscience/SiftRequestTest.java
+++ b/src/test/java/com/siftscience/SiftRequestTest.java
@@ -37,7 +37,7 @@ public void testUserAgentHeader() throws Exception {
 // Verify the request.
 RecordedRequest recordedRequest = server.takeRequest();
- Assert.assertEquals("SiftScience/v205 sift-java/3.13.0", recordedRequest.getHeader("User-Agent"));
+ Assert.assertEquals("SiftScience/v205 sift-java/3.13.1", recordedRequest.getHeader("User-Agent"));
 }
 }
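Review bot: The `mockwebserver` test dependency on the first context line of the build.gradle `dependencies` hunk stays at 4.10.0 while `okhttp` moves to 4.12.0, so the test classpath declares two different OkHttp releases and the suite no longer runs against a matched client/mock pair. Bump it in the same commit: `testCompile group: 'com.squareup.okhttp3', name: 'mockwebserver', version: '4.12.0'`. Because the stated reason for the change is CVE-2023-3635, the explicit `okio` line is the one that carries the fix, and a comment above it such as `// okio pinned explicitly for CVE-2023-3635; do not downgrade or remove` would stop a later cleanup from silently reintroducing the vulnerable transitive version. The `dependencies` block opens above the hunk, so any other declarations that pull in Okio or OkHttp are not visible here and should be checked against the resolved dependency tree.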