Closed randheerar closed 7 months ago
These dependencies have already been updated on the master branch. Note that these vulnerabilities have no impact on Jsign (the BouncyCastle CertPath validation API isn't used, and no untrusted json data is parsed).
Thanks @ebourg for the update
Is there a plan to update below dependencies to mitigate CVE-2023-34610 & CVE-2023-33201 ?
com.cedarsoftware » json-io --> Upgrade to 4.14.2 org.bouncycastle » bcprov-jdk18on --> Upgrade to 1.76