Vulnerability found in latest version v2.9.0 #3901
dev-vrajesh
asked this question in
Q&A
There are no vulnerabilities in Retrofit itself. The purported vulnerabilities are in transitive dependencies which can (and should) be upgraded independently from Retrofit itself. We use Renovate to automatically bump dependencies, so the next release will use the latest version of the affected libraries, but whether those versions are vulnerability-free is not strictly a concern at our layer since it can only be addressed by those dependencies and not by us.
Hey, community friends / Library owners,
I am writing to inform you about a security vulnerability that has been discovered in the latest version of Retrofit, specifically version 2.9.0. As an active user and concerned community member, I believe it is crucial to bring this issue to your attention in order to ensure the safety and integrity of the library.
I understand that Retrofit is widely used in various projects and has a substantial user base. Therefore, it is important to address this vulnerability promptly to protect the community from any potential security breaches or compromises.
I kindly request that you review and investigate this matter further to confirm the validity of the vulnerability and take appropriate action as soon as possible.