eclipsesource / J2V8

Java Bindings for V8

Potential security vulnerabilities in the shared library which J2V8 depends on. Can you help upgrade to patch versions? #581

Open HelenParr opened 2 years ago

HelenParr commented 2 years ago

Hi, @irbull , @drywolf , I'd like to report a vulnerability issue in com.eclipsesource.j2v8:j2v8:linux_x86_64_4.8.0.

Issue Description

com.eclipsesource.j2v8:j2v8:linux_x86_64_4.8.0 depends on 1 C library (.so). However, I noticed that the C library is vulnerable, containing the following CVEs:

libj2v8_linux_x86_64.so from C project openssl(version:1.0.2j) exposed 4 vulnerabilities: CVE-2021-3712, CVE-2020-1968, CVE-2017-3738, CVE-2019-1552

Suggested Vulnerability Patch Versions

openssl has fixed the vulnerabilities in versions >=1.1.1l

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~ Best regards, Helen Parr
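The report's point that Java build tooling does not see vulnerable native code bundled inside a jar can be checked directly: open the artifact as a zip, pull out every native library member, and look for the OpenSSL version banner that OpenSSL compiles into its binaries. The script below is an added example, not code from the reporter or from the J2V8 project. It assumes the banner has the usual `OpenSSL <version>` form, compares versions lexically against the 1.1.1l floor stated in the issue, and builds a constructed in-memory jar (a fake `libj2v8_linux_x86_64.so` carrying a `1.0.2j` banner) so it runs offline; point `scan_jar` at the bytes of a real artifact to check one from a repository.

```python
import io
import re
import zipfile

# Floor taken from the issue text: openssl fixed the listed CVEs in >=1.1.1l.
FIXED_VERSION = "1.1.1l"
# Members that are native code rather than bytecode (assumption: judged by suffix).
NATIVE_SUFFIXES = (".so", ".dll", ".dylib")
# OpenSSL embeds a banner such as b"OpenSSL 1.0.2j  26 Sep 2016" in its binaries.
VERSION_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")


def parse_version(v):
    """Turn '1.0.2j' into (1, 0, 2, 'j') so tuples compare in release order.
    Assumption: pre-3.x OpenSSL numbering; the letter suffix sorts after no letter."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", v)
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % v)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def scan_jar(jar_bytes):
    """Return one finding per (native member, OpenSSL version banner) pair.

    Each finding records the member path, the version string found, and whether
    it is below FIXED_VERSION, i.e. still carries the CVEs listed in the issue.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(NATIVE_SUFFIXES):
                continue
            data = zf.read(info.filename)
            versions = sorted({m.group(1).decode("ascii")
                               for m in VERSION_RE.finditer(data)})
            for v in versions:
                findings.append({
                    "member": info.filename,
                    "openssl_version": v,
                    "below_fixed": parse_version(v) < parse_version(FIXED_VERSION),
                })
    return findings


def build_sample_jar():
    """Constructed sample: a minimal jar with a fake .so that carries a
    1.0.2j banner, plus a class file that must be ignored by the scan."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        fake_so = (b"\x7fELF" + b"\x00" * 16
                   + b"OpenSSL 1.0.2j  26 Sep 2016\x00" + b"\x00" * 8)
        zf.writestr("libj2v8_linux_x86_64.so", fake_so)
        zf.writestr("com/example/Foo.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_jar(build_sample_jar()):
        status = "BELOW %s" % FIXED_VERSION if f["below_fixed"] else "ok"
        print("%s: OpenSSL %s (%s)" % (f["member"], f["openssl_version"], status))
```

The banner check is a cheap first pass, not proof of absence: a build that strips the banner, or a statically linked copy of only a few OpenSSL objects, can carry the affected code without the string, so treat a clean result as "nothing found" rather than "nothing present".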

caoccao commented 2 years ago

J2V8 has dropped support for Windows/Linux/Mac for years. You won't be able to get any updates if you wish for a security patch.

I would suggest you try https://github.com/caoccao/Javet/.