Too old version of Okhttp

[ahmed-abdelmonem]

Is your enhancement related to a problem? Please describe

The current okhttp version has vulnerabilities (CVE-2023-3635) which cause many issues for us. okhttp-3.12.12. It would be great if the latest version of okhttp is used.

Describe the solution you'd like

Upgrade to the latest version of okhttp.

Describe alternatives you've considered

No response

Additional context

No response

[rohanKanojia]

I think we are sticking to 3.x version because 4.x is based on kotlin. It should still be possible to use okhttp 4 with fabric8 by just excluding okhttp3 and adding okhttp4. See example here

[ahmed-abdelmonem]

@rohanKanojia Thank you for your comment. That will fix my issue.

[tomdw]

@rohanKanojia why stick with an unsupported version with vulnerabilities? it is Kotlin based but this should not affect its usage. If there is a workaround to exclude okhttp3 and include okhttp4 in your project dependencies, then it means it is a drop in replacement. It will be a non-breaking upgrade then. Can this be reopened and fixed please?

[rohanKanojia]

@tomdw : I think it would be better if we open a new issue to discuss this.

Just to be clear, you're interested in upgrade from kubernetes mock server perspective, right?

[tomdw]

@rohanKanojia that is correct, I'll create another issue

[tomdw]

@rohanKanojia this is the new issue: #5613