Security and trust from Google play for contentEncryptionKeyAlgorithm
Issue #213
closed
Google Play Console has identified a security and trust issue in this class: org.jose4j.jwe.ContentEncryptionKeyDescriptor
pointing to the String variable contentEncryptionKeyAlgorithm
in jose4j version 0.7.9. It looks strange since this variable is not assigned with any static keys.
Comments (5)
-
reporter -
repo owner - changed status to open
-
reporter - edited description
-
reporter It seems that updating jose4j from version 0.7.9 to 0.9.3 fixed this issue.
This issue can be closed, thanks. -
repo owner - changed status to closed
- Log in to comment