-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump Adyen 3DS2 to v2.2.16+ to solve CVE-2023-33201 #1557
Comments
Additionally, would it be possible to include the fix also in the 4.x.x version? It would be helpful to not be forced to upgrade to a new major version immediately. Thank you for understanding! |
Hi @igortepavac, thanks for reaching out! We are already working on this, we'll update this issue once we have a solution. |
Hi @igortepavac, |
@igortepavac we just released 4.13.5 to address this issue. The v5 release will follow later. |
Thank you everyone! |
Hi, could you please update the Adyen 3DS2 dependency to v2.2.16? It contains a newer version of the Bouncy Castle library (v1.77) which contains a fix for CVE-2023-33201.
The vulnerability was already mentioned in Adyen/adyen-3ds2-android#63.
Thank you!
The text was updated successfully, but these errors were encountered: