Search found 3 matches

Security vulnerabilities in old version of okhttp library

nzb360 13.0.3 uses an old version of the okhttp library - 2.7.5 for Sonarr/Radarr/SABnzbd, but it uses version 3.10.0 for Deluge. There are some security vulnerabilities in the 2.7.5 version, as per the national vulnerability database. In addition, 2.7.5 does not have full support for HTTP/2 as post...

Re: HTTP/2 support

It appears that nzb360 uses a very old version of okhttp for some services (I'm seeing user agents okhttp/2.7.5 for Sonarr/Radarr/SABnzbd and okhttp/3.9.1 for Deluge in my logs). 2.7.5 does not fully support HTTP/2 or TLS 1.3 among other things. 3.9.1 supports HTTP/2 (tested OK with Deluge) but not ...

HTTP/2 support

nzb360 makes connections to web services with HTTP/1.1 even through proxies that support HTTP/2, as my nginx access log shows: "GET /sabnzbd/api?mode=version&output=json&apikey=<redacted>&output=json HTTP/1.1" 200 20 "-" "-" HTTP/2 has performance advantages which should improve speeds on remote con...

Go to advanced search