Page 1 of 1

Security vulnerabilities in old version of okhttp library

Posted: Sat Jul 06, 2019 6:04 pm
by charles
nzb360 13.0.3 uses an old version of the okhttp library - 2.7.5 for Sonarr/Radarr/SABnzbd, but it uses version 3.10.0 for Deluge.

There are some security vulnerabilities in the 2.7.5 version, as per the national vulnerability database.

In addition, 2.7.5 does not have full support for HTTP/2 as posted here over 4 months ago.

Neither versions 2.7.5 nor 3.10.0 support TLS 1.3.

Can this please be updated?