com.google.crypto.tink version 1.12.1 still use google-http-client 1.43.3 which has dependencies vulnerability

30 views
Skip to first unread message

alexis gayte

unread,
Apr 5, 2025, 8:02:21 AMApr 5
to tink-users
Hi Here,
Thanks for the quick turn around,

Nevertheless, I can see google-http-client is still on 1.43.3, as said in the title this version carries vulnerabilities.
https://central.sonatype.com/artifact/com.google.http-client/google-http-client/1.43.3/dependencies

If you guys can look at it, that would be very much appreciated.

Many thanks,
Alexis GAYTE

alexis gayte

unread,
Apr 15, 2025, 11:54:06 AMApr 15
to tink-users
Hi,

Is there any plan to sort out this security vulnerability?

Many thanks,
Alexis GAYTE


Reply all
Reply to author
Forward
0 new messages