Could you help upgrade the vulnerble shared library introduced by package ijkplayer-arm64?

[HelenParr]

Hi, @jdpxiaoming , I'd like to report a vulnerability issue in io.github.jdpxiaoming:ijkplayer-arm64:0.0.26.

Issue Description

io.github.jdpxiaoming:ijkplayer-arm64:0.0.26 directly or transitively depends on 3 C libraries (.so). However, I noticed that one C library is vulnerable, containing the following CVEs:

libijkwdzffmpeg.so from C project openssl(version:1.0.2u) exposed 3 vulnerabilities: CVE-2021-3712, CVE-2021-23839, CVE-2020-1968

Suggested Vulnerability Patch Versions

openssl has fixed the vulnerabilities in versions >=1.1.1l

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~ Best regards, Helen Parr