name: Bug report
about: Request to fix CVE-2025-14763
title: "[BUG] Fix CVE-2025-14763 by bumping version of s3-client library"
labels: bug
assignees: smiklosovic
Describe the bug
ESOP v4.0.1 uses software.amazon.encryption.s3:amazon-s3-encryption-client-java v3.4.0, which has CVE-2025-14763 vulnerability. The vulnerability is fixed in s3-client v4.0.0, but requires code changes.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
System and versions (please complete the following information):
Additional context
Add any other context about the problem here.
name: Bug report
about: Request to fix CVE-2025-14763
title: "[BUG] Fix CVE-2025-14763 by bumping version of s3-client library"
labels: bug
assignees: smiklosovic
Describe the bug
ESOP v4.0.1 uses
software.amazon.encryption.s3:amazon-s3-encryption-client-javav3.4.0, which has CVE-2025-14763 vulnerability. The vulnerability is fixed in s3-client v4.0.0, but requires code changes.To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
System and versions (please complete the following information):
Additional context
Add any other context about the problem here.