Our project's Snyk scan started failing due to the Medium severity vulnerability below in org.bouncycastle:bcprov-jdk15to18@1.70.
Issues with no direct upgrade or patch:
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-5771489] in org.bouncycastle:bcprov-jdk15to18@1.70
introduced by emailconnectorapp:Implementation@1.0.0 > org.simplejavamail:smime-module@8.0.0 > org.simplejavamail:utils-mail-smime@2.0.1 > org.bouncycastle:bcjmail-jdk15to18@1.70 > org.bouncycastle:bcprov-jdk15to18@1.70 and 2 other path(s)
This issue was fixed in versions: 1.74
Though we are using smime-module version 8.0.0, I also checked version 8.1.2 (https://mvnrepository.com/artifact/org.simplejavamail/smime-module/8.1.2), which refers to org.simplejavamail » utils-mail-smime version 2.1.1, which in turn refers to org.bouncycastle » bcjmail-jdk15to18 version 1.70.
The bcjmail-jdk15to18 dependency should be upgraded to 1.75 to remove the vulnerability. Is there any plan for this fix?