[QUESTION] Any plans to use aws-sdk-java V2?

aws / amazon-kinesis-video-streams-parser-library

Amazon Kinesis Video Streams parser library is for developers to include in their applications that makes it easy to work with the output of video streams such as retrieving frame-level objects, metadata for fragments, and more.

Apache License 2.0

103 stars 52 forks source link

[QUESTION] Any plans to use aws-sdk-java V2? #177

Open Alex-Wenner-FHR opened 1 year ago

Alex-Wenner-FHR commented 1 year ago

I am wondering if there are any plans to upgrade the pom.xml to use aws-sdk-java-v2 found here?

I see that there are known vulnerabilities on aws-java-sdk-core:1.12.437.

After reading a bit, I found this issue where the AWS team says that they are not focused on v1 and rather have shifted focus to V2. See this issue

Does the team have any thoughts on this? Thanks!

disa6302 commented 1 year ago

@Alex-Wenner-FHR ,

Moving to aws-sdk-java-v2 would be a bigger task and would require a lot of testing to ensure our SDK does not break. Will update the thread when we have more details.

Alex-Wenner-FHR commented 1 year ago

@disa6302 thanks for the follow up. Are these vulnerabilities false positives or are they actually known real issues? Trying to understand the risk associated here for I am not super in touch with the security side of things.

hassanctech commented 1 year ago

I am working on this, there is currently a blocking issue: https://github.com/aws/aws-sdk-java-v2/issues/1330 Once this is resolved I should be able to complete the update. Unfortunately I do not have a date for this at the moment.