Forums
The onespan Java sdk (sdk-11.51-jar-with-dependencies.jar) contains a version of netty (4.1.74.Final) that has security vulnerability CVE-2022-24823, the sdk-11.51.jar has references to it, and our company (and clients) won't allow it to be deployed with security vulnerabilities.
Netty has it patched from Version 4.1.77.Final onwards.
Can we get a build with the netty patches or is there something else we can do to work around the issue?
- Read more about CVE-2022-24823 onespan Java sdk
- 1 comment
- Log in or register to post comments
- 52 views