CVE-2023-33201 - new Encryption SDK release?

[mrwilby]

This library appears to depend upon a vulnerable release of bouncy castle (BC).

Is it possible to bump the dependencies to a patched BC version and release a new artifact?

https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

[josecorella]

Hello @mrwilby

We have released AWS ESDK Java 2.4.1, which includes an update to the bouncy castle dependency to no longer depend on a vulnerable version.

AWS Crypto Tools