Groups
Groups
Sign in
Groups
Groups
tink-users
Conversations
About
Send feedback
Help
com.google.crypto.tink version 1.12.1 still use google-http-client 1.43.3 which has dependencies vulnerability
30 views
Skip to first unread message
alexis gayte
unread,
Apr 5, 2025, 8:02:21 AM
Apr 5
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to tink-users
Hi Here,
Thanks for the quick turn around,
Nevertheless, I can see google-http-client is still on 1.43.3, as said in the title this version carries vulnerabilities.
https://central.sonatype.com/artifact/com.google.http-client/google-http-client/1.43.3/dependencies
If you guys can look at it, that would be very much appreciated.
https://github.com/tink-crypto/tink-java-apps/blob/main/maven/tink-java-apps-paymentmethodtoken.pom.xml#L89
Many thanks,
Alexis GAYTE
alexis gayte
unread,
Apr 15, 2025, 11:54:06 AM
Apr 15
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to tink-users
Hi,
Is there any plan to sort out this security vulnerability?
Many thanks,
Alexis GAYTE
Reply all
Reply to author
Forward
0 new messages