mirror of
https://github.com/square/okhttp.git
synced 2025-11-24 18:41:06 +03:00
f94be9ff69
Our original expectations were that KitKat devices would age out in 2020. It's been a garbage year and this expectations no longer hold. We're extending support an extra year. We continue to support OkHttp 3.12.x because later releases are not usable on older devices and JVMs. OkHttp 3.14.x has no such reason to receive support, and we'll stop updating it on June 30, 2020. Users of OkHttp 3.14.x should upgrade to the 4.x series. Android apps should accept Kotlin libraries; it's the platform's future. And JVM apps are less constrained by binary size. Here's the size of OkHttp + transitive dependencies, and those of alternatives: * OkHttp 4.4: 2.47 MiB including Kotlin stdlib (1.51 MiB) * Apache HTTP Client 5.0: 1.78 MiB including slf4j-api (0.04 MiB) * Jetty HTTP Client 9.4: 1.19 MiB
702 B
702 B
Security Policy
Supported Versions
| Version | Supported | Notes |
|---|---|---|
| 4.x | ✅ | |
| 3.14.x | Until 2020-06-30 | |
| 3.12.x | Until 2021-12-31 | Android 2.3+ (API level 9+) and Java 7+. Platforms may not support TLSv1.2. |
Reporting a Vulnerability
Square recognizes the important contributions the security research community can make. We therefore encourage reporting security issues with the code contained in this repository.
If you believe you have discovered a security vulnerability, please follow the guidelines at https://bugcrowd.com/squareopensource