Bump Bouncy Castle to 1.74+ to solve CVE-2023-33201

Adyen / adyen-3ds2-android

Apache License 2.0

26 stars 8 forks source link

Bump Bouncy Castle to 1.74+ to solve CVE-2023-33201 #63

Closed warting closed 6 months ago

warting commented 10 months ago

| --- com.adyen.checkout:3ds2:5.0.1 | +--- com.adyen.checkout:ui-core:5.0.1 (*) | +--- com.adyen.threeds:adyen-3ds2:2.2.15 | | +--- io.michaelrocks:paranoid-core:0.3.7 | | +--- org.bouncycastle:bcprov-jdk15to18:1.69 (CVE-2023-33201)

tkuntubayev commented 10 months ago

Hi @warting, thanks for flagging this! The update of Bouncy Castle is planned for the next release.

tkuntubayev commented 6 months ago

The new 2.2.16 version has been released with updated dependencies. The updated versions can be found in the release notes. Thanks.