update to aws-java-sdk 1.12.638+ to resolve CVE-2024-21634)

mcohen01 / amazonica

A comprehensive Clojure client for the entire Amazon AWS api.

1.01k stars 201 forks source link

update to aws-java-sdk 1.12.638+ to resolve CVE-2024-21634) #477

Open antonmos opened 10 months ago

antonmos commented 10 months ago

Per https://github.com/aws/aws-sdk-java/issues/3077, latest AWS SDK remove dependency on software.amazon.ion/ion-java that had the cause of CVE.

shahceg commented 9 months ago

can this be prioritised as the sdk has already integrated this?

speque commented 5 months ago

This would be a very nice upgrade.

joekiller commented 3 months ago

There's no reason why you cannot override your specific versions or exclude a dependency with an :exclusions clause.

:dependencies [
  [amazonica 0.3.167 :exclusions [software.amazon.ion/ion-java]]
  [com.amazonaws/aws-java-sdk-core 1.12.638 :exclusions [software.amazon.ion/ion-java]]
]