The onespan Java sdk (sdk-11.51-jar-with-dependencies.jar) contains a version of netty (4.1.74.Final) that has security vulnerability CVE-2022-24823, the sdk-11.51.jar has references to it,  and our company (and clients) won't allow it to be deployed with security vulnerabilities.

Netty has it patched from  Version 4.1.77.Final  onwards.

Can we get a build with the netty patches or is there something else we can do to work around the issue?



Hi Team,

I am trying to fetch a list of transactions that should include the received transaction from other senders which requires the signing.

Unfortunately, I don't see the transactions which are sent by others with the below code,

var packages = _ossClient.PackageService.GetUpdatedPackagesWithinDateRange(status, pageRequest, DateTime.Now.AddDays(-90), DateTime.Now);
while (packages.HasNextPage())
     packages = _ossClient.PackageService.GetPackages(status, packages.NextRequest);

return packages.Results;