Headline
CVE-2022-1279: Release EBICS Java Version 1.2 · ebics-java/ebics-java-client
A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.
A new release including a bugfix for the nonce / key generation.
The vulnerability CVE-2022-1279 is fixed in this release (Link to details is coming soon)
allprojects {
repositories {
...
maven { url 'https://jitpack.io' }
}
}
dependencies {
implementation 'com.github.ebics-java:ebics-java-client:1.2'
}