stripe-android icon indicating copy to clipboard operation
stripe-android copied to clipboard
verified publisher icon stripe

Update com.nimbusds:nimbus-jose-jwt to address vulnerability

Open benkay opened this issue 1 year ago • 1 comments

Our security team flagged com.nimbusds:nimbus-jose-jwt as having a known vulnerability. Looks like the 3ds2 dependency depends on an old version (9.21).

I assume it's safe to force the latest version (9.40) ourselves, but it would be helpful if it was updated within this SDK so we can be sure there are no compatibility issues.

benkay avatar Jul 29 '24 13:07 benkay

Hi @benkay

This is on our list to update.

In the meantime, you can depend on a newer version directly in your build.gradle, which will transitively update the version, and no longer have a vulnerability listed.

jaynewstrom-stripe avatar Aug 16 '24 14:08 jaynewstrom-stripe