docusign / docusign-esign-java-client

The Official Docusign Java Client Library used to interact with the eSignature REST API. Send, sign, and approve documents using this client.
https://javadoc.io/doc/com.docusign/docusign-esign-java/latest/index.html
MIT License

Bouncycastle vulnerabilities #281

Open mariuszpala opened 2 weeks ago

mariuszpala commented 2 weeks ago

Due to the many vulnerabilities found in v.1.69, can you please upgrade that dependency to 1.78.1?

This is a critical issue from the security perspective. We have a number of libraries already upgraded to the latest version, but docusign fails with that latest version.

https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.69


ivan-dinkov commented 2 weeks ago

Hi @mariuszpala, thanks for notifying us about these. I'll let the dev team know about your request and they should follow up with an update.

ivan-dinkov commented 2 weeks ago

Hi @mariuszpala, you can expect the fix to be there as an RC version sometime next week on Maven.

vinz commented 1 week ago

Hi @mariuszpala,

Happy to report that the fix is now included in the latest docusign-esign-java SDK:

https://central.sonatype.com/artifact/com.docusign/docusign-esign-java

Please check and revert so that we can close this GitHub issue.

Thanks, Vinay

mariuszpala commented 1 week ago

Thank you, there is one issue left. In Maven, this project has no dependencies although many are required. Why doesn't the POM define any?

https://mvnrepository.com/artifact/com.docusign/docusign-esign-java/5.1.0

mariuszpala commented 1 week ago

The list of dependencies that the library depends on should rather be defined in pom.xml, and it also includes outdated versions of libraries, e.g. java-jwt is already at 4.4 but the library depends on v3.4.1. https://mvnrepository.com/artifact/com.auth0/java-jwt/4.4.0
