Current SDK has Dependencies Vulnerabilities!

[lucarosato1]

Seems that you're using a dependency that was deprecated since 2015 and has some vulnerabilities:

Here you can see the vulnerability impact: https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff/ (reported in 2018)

The fix would be removing that commons-collections that is outdated, watch this:

Font: https://mvnrepository.com/artifact/commons-collections/commons-collections

They suggested us to use this instead (currently I'm doing the workaround of excluding that dep from your SDK and added the new one)

<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 -->
<dependency>
	<groupId>org.apache.commons</groupId>
	<artifactId>commons-collections4</artifactId>
	<version>4.4</version>
</dependency>

Hope you read this!

[danielen-meli]

Hi @lucarosato1,

Thank you very much for contacting us!
We will review your request and, if it makes sense, add it to our backlog so that it can be implemented.
If you wish to contribute directly to the code, we also accept contributions in the format of Pull Requests.

Thank you very much for your contact!