The latest v21.7.1 release is from 4 years ago & has several open security vulnerabilities (which appear to have been fixed in master already). Just need a new release created & uploaded to mvnrepository to resolve the vulnerabilities.
| v21.7.1 CVE |
v21.7.1 problem dependency |
master version |
| CVE-2014-4043 |
org.web3j:core:4.6.0 > jnr-posix-3.0.47.jar
|
implementation 'org.web3j:core:4.6.0' |
|
YES? - org.web3j:core:4.11.0 > no more jnr-posix-3.0.47.jar
|
implementation 'org.web3j:core:4.11.0' |
|
| CVE-2020-28052 |
org.web3j:core:4.6.0 > org.java-websocket:Java-WebSocket:jar:1.3.8 |
YES? - org.web3j:core:4.11.0 > org.java-websocket:Java-WebSocket:jar:1.5.3 |
For reference, here are some related prior issues regarding security vulnerabilities / release process which I found:
The latest v21.7.1 release is from 4 years ago & has several open security vulnerabilities (which appear to have been fixed in master already). Just need a new release created & uploaded to mvnrepository to resolve the vulnerabilities.
org.web3j:core:4.6.0>jnr-posix-3.0.47.jarautobahn-java/autobahn/build.gradle
Line 34 in d9a591c
jnr-posix-3.0.47.jarautobahn-java/autobahn/build.gradle
Line 35 in 5f13baa
org.web3j:core:4.6.0>org.java-websocket:Java-WebSocket:jar:1.3.8org.java-websocket:Java-WebSocket:jar:1.5.3For reference, here are some related prior issues regarding security vulnerabilities / release process which I found: