contentstack · reeshika-h · Dec 31, 2025 · Dec 31, 2025
@@ -1,5 +1,5 @@
 The MIT License (MIT)
-Copyright © 2012-2025 Contentstack. All Rights Reserved
+Copyright © 2012-2026 Contentstack. All Rights Reserved
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
 associated documentation files (the "Software"), to deal in the Software without restriction,

@@ -39,6 +39,21 @@ dependencies {
     implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
     implementation 'androidx.lifecycle:lifecycle-livedata:2.7.0'
     implementation 'androidx.lifecycle:lifecycle-viewmodel:2.7.0'
+
+    // Security fixes for transitive dependencies
+    // Fix CVE-2022-25647 (Deserialization vulnerability in Gson)
+    implementation 'com.google.code.gson:gson:2.10.1'
+    // Fix CVE-2020-29582 (Information Exposure in kotlin-stdlib)
+    implementation 'org.jetbrains.kotlin:kotlin-stdlib:2.1.0'
+}
+
+// Force all kotlin-stdlib versions to 2.1.0 (fixes CVE-2020-29582 from transitive deps like Realm)
+configurations.all {
+    resolutionStrategy {
+        force 'org.jetbrains.kotlin:kotlin-stdlib:2.1.0'
+        force 'org.jetbrains.kotlin:kotlin-stdlib-jdk7:2.1.0'
+        force 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.1.0'
+    }
 }
 
 mavenPublishing {