Skip to content

Commit

Permalink
Update OkHttp to 3.14.9 to improve security (#30609)
Browse files Browse the repository at this point in the history
Summary:
Okhttp 3.12.X allows Connections using TLS 1.0 and TLS1.1.
TLS 1.0 and TLS 1.1 are no longer secure.
Google, Mozilla, Microsoft, and Apple announced that their browsers will require TLSv1.2 or better starting in early 2020.

https://square.github.io/okhttp/changelog_3x/#version-310
https://github.com/facebook/react-native/wiki/Changelog

Starting from 3.13.0 TLSv1 and TLSv1.1 are no longer enabled by default.
3.13.0 requires JAVA 8 and Android SDK 21 (which was blocking the Upgrade in the Past).

## Changelog

[Android] [Changed] - Update Okhttp to version 3.14.19

Pull Request resolved: #30609

Test Plan:
Current tests should pass.
Connections using TLS 1.0 and TLS 1.1 should not be possible.

Reviewed By: mdvacca

Differential Revision: D25843511

Pulled By: fkgozali

fbshipit-source-id: f0b648c8037f945130c6f9983404ee7f75b178cb
  • Loading branch information
Lukas Müller authored and facebook-github-bot committed Jan 8, 2021
1 parent 9215980 commit 6bfd89d
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion ReactAndroid/gradle.properties
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ JUNIT_VERSION=4.12

ANDROIDX_TEST_VERSION=1.1.0
FRESCO_VERSION=2.0.0
OKHTTP_VERSION=3.12.12
OKHTTP_VERSION=3.14.9
SO_LOADER_VERSION=0.9.0

BOOST_VERSION=1_63_0
Expand Down
8 changes: 4 additions & 4 deletions ReactAndroid/src/main/third-party/java/okhttp/BUCK
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ rn_prebuilt_jar(

fb_native.remote_file(
name = "okhttp3-binary.jar",
sha1 = "d3e1ce1d2b3119adf270b2d00d947beb03fe3321",
url = "mvn:com.squareup.okhttp3:okhttp:jar:3.12.12",
sha1 = "3e6d101343c7ea687cd593e4990f73b25c878383",
url = "mvn:com.squareup.okhttp3:okhttp:jar:3.14.9",
)

rn_prebuilt_jar(
Expand All @@ -21,6 +21,6 @@ rn_prebuilt_jar(

fb_native.remote_file(
name = "okhttp3-urlconnection-binary.jar",
sha1 = "3cfbe11fb8c48d30600a70f90b3283fc858aea72",
url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:3.12.12",
sha1 = "c9a3b45b815cf2982415ec8145339f5af58989c3",
url = "mvn:com.squareup.okhttp3:okhttp-urlconnection:jar:3.14.9",
)

0 comments on commit 6bfd89d

Please sign in to comment.