Hi I noticed the latest release of the java-client has two libraries with security vulnerabilities.
https://mvnrepository.com/artifact/com.urbanairship/java-client/8.1.1
The jackson-databind library should be updated from 2.13.0 to 2.13.3, and netty-codec-http should be updated from 4.1.71 to 4.1.77 to fix these vulnerabilities. This is important to us as we are a security company. Is there a plan to release an updated build to fix these vulnerabilities in the near future. If so, when?
Didn't find what you were looking for?
New postHello,
This is Eric from Airship Technical Support. I've created an escalation to our engineering team to get this updated for you. I don't have an ETA but should be released in the near future.
Thank you,
Eric L.
Technical Support Engineer
Airship Group | Apptimize | Portland
Hello,
As an update, the requested updates to dependencies has been completed and a new version of the sdk has been released.
Thank you,
Eric L.
Technical Support Engineer
Airship Group | Apptimize | Portland
Are there documentation and release notes available for the migration from an older version of the java-client to the new 8.2.0 version? Or is the published java-client instructions at https://docs.airship.com/api/libraries/java/ && https://github.com/urbanairship/java-library sufficient enough for upgrading?
We would be taking the leap from a much older version.
Please sign in to leave a comment.
Comments
4 comments