How to upgrade commons-codec 1.11 used by aws-sdk:ssm in gradle Java

Time:07-22

As part of a security scan, this vulnerability is shown with commons-codec 1.11 (which needs to be upgraded to 1.13), but this dependency is pulled down by aws-sdk:ssm -> httpclient -> commons-codec.

I am looking for a workaround; I understand the proper fix needs to be done by aws-sdk:ssm.

Is there a way to resolve it? I already upgraded to the latest aws-sdk, but it is still using the old version.

implementation platform('software.amazon.awssdk:bom:2.17.230')
implementation 'software.amazon.awssdk:regions'
implementation 'software.amazon.awssdk:ssm'


CodePudding user response:

Use the strictly version option to override the version present in the final package:

implementation('commons-codec:commons-codec') {
    version {
        strictly '1.15'
    }
}

After this config, the final package zip contains codec 1.15, not the 1.11 that was referenced in httpClient. It worked without any issues, but it will break if there are any breaking changes between the versions.

Ref: https://docs.gradle.org/current/userguide/dependency_downgrade_and_exclude.html
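
An added example, not part of the original question or answer: the same upgrade expressed as a Gradle dependency constraint, plus a build check that fails if commons-codec on the runtime classpath resolves below the 1.13 floor named in the question. It assumes the `java` plugin and Maven Central; the task name `verifyCommonsCodec` is hypothetical.

```groovy
plugins {
    id 'java'
}

repositories {
    mavenCentral()
}

dependencies {
    implementation platform('software.amazon.awssdk:bom:2.17.230')
    implementation 'software.amazon.awssdk:regions'
    implementation 'software.amazon.awssdk:ssm'

    // A constraint adds no dependency of its own; it only takes part in
    // version selection when something else already pulls commons-codec in.
    constraints {
        implementation('commons-codec:commons-codec:1.15') {
            because 'security scan flags commons-codec 1.11 pulled in via httpclient'
        }
    }
}

// Hypothetical task: fail the build if commons-codec on the runtime
// classpath resolves below the floor named in the question (1.13).
tasks.register('verifyCommonsCodec') {
    doLast {
        def floor = [1, 13]
        def selected = configurations.runtimeClasspath.incoming
            .resolutionResult.allComponents
            .collect { it.moduleVersion }
            .findAll { it?.group == 'commons-codec' && it?.name == 'commons-codec' }
        selected.each { mv ->
            // Compare major.minor numerically so that 1.9 < 1.13.
            def parts = mv.version.tokenize('.').take(2).collect { it.toInteger() }
            def major = parts[0]
            def minor = parts.size() > 1 ? parts[1] : 0
            if (major < floor[0] || (major == floor[0] && minor < floor[1])) {
                throw new GradleException(
                    "commons-codec ${mv.version} resolved; need >= ${floor.join('.')}")
            }
            logger.lifecycle("commons-codec resolved to ${mv.version}")
        }
    }
}

tasks.named('check') { dependsOn 'verifyCommonsCodec' }
```

Running `gradle dependencyInsight --dependency commons-codec --configuration runtimeClasspath` shows which version was selected and the reason recorded for it.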
