okhttp library is vulnerable to an information disclosure issue due to how the contents of sensitive headers, such as the Authorization header, can be logged when an IllegalArgumentException is thrown.
This issue could allow an attacker or malicious user who has access to the logs to obtain the sensitive contents of the affected headers which could facilitate further attacks.
Fixed in 5.0.0-alpha3 by this commit. The fix was cherry-picked and backported into 4.9.2 with this commit.
Requesting you to clarify if this dependency will be updated to a fixed version in the following releases
Comment From: snicoll
@meier-th please search the issue tracker before raising issues like this. There is already a conversation about oktthp 4.