[QUESTION] Any plans to use aws-sdk-java V2?

[Alex-Wenner-FHR]

I am wondering if there are any plans to upgrade the pom.xml to use aws-sdk-java-v2 found here?

I see that there are known vulnerabilities on aws-java-sdk-core:1.12.437.

After reading a bit, I found this issue where the AWS team says that they are not focused on v1 and rather have shifted focus to V2. See this issue

Does the team have any thoughts on this? Thanks!

[disa6302]

@Alex-Wenner-FHR ,

Moving to aws-sdk-java-v2 would be a bigger task and would require a lot of testing to ensure our SDK does not break. Will update the thread when we have more details.

[Alex-Wenner-FHR]

@disa6302 thanks for the follow up. Are these vulnerabilities false positives or are they actually known real issues? Trying to understand the risk associated here for I am not super in touch with the security side of things.

[hassanctech]

I am working on this, there is currently a blocking issue: https://github.com/aws/aws-sdk-java-v2/issues/1330 Once this is resolved I should be able to complete the update. Unfortunately I do not have a date for this at the moment.