Hello! We found that the latest sonar-scanner-cli release (specifically, sonar-scanner-api) depends on com.squareup.okhttp3:3.14.2, which seems to have a vulnerability (reported as PRISMA-2022-0239).

Details: Exception for bad header can leak an Authorization secret · Issue #6738 · square/okhttp · GitHub

According to these comments, there are no plans to backport the fix to the com.squareup.okhttp3 branch of 3.x, and it is recommended to upgrade to 4.x.

Is sonar-scanner-cli affected by this vulnerability?

Is there a plan to switch to com.squareup.okhttp:4.x?

Thanks in advance.