Update of kotlin-stdlib 1.3.0 to 1.3.30 or higher

Question

Update of kotlin-stdlib 1.3.0 to 1.3.30 or higher

dalibor-florian opened this issue 5 years ago · 2 comments

Hello,
could you please update your kotlin-stdlib to version 1.3.30 or higher?
In version 1.3.0 is couple of security issues.

CVE-2019-10101
Description: JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

CVE-2019-10102
Description: JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

CVE-2019-10103
Description: JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

Thanks in advance

Answer 1 · 2020-06-10T16:59:02.000Z

@mcbig please propose a PR

Answer 2 · 2020-06-11T07:58:54.000Z

@mikehardy sure, PR is ready for review
#63