Potential secutiry vulnerability in the shared library which paymentsdk depends on. Can you help upgrade to patch versions?

[HelenParr]

Hi, @ecunado , @handpoint-jenkins , I'd like to report a vulnerability issue in com.handpoint.api:paymentsdk:6.6.7.

Issue Description

com.handpoint.api:paymentsdk:6.6.7 directly or transitively depends on 159 C libraries (.so) cross many platforms(such as arm64, armeabi-v7a). However, I noticed that one C library is vulnerable, containing the following CVEs:

libIGLBarDecoder.so from C project openssl(version:1.0.2m) exposed 4 vulnerabilities:
CVE-2021-3712, CVE-2020-1968, CVE-2017-3738, CVE-2019-1552

Suggested Vulnerability Patch Versions

openssl has fixed the vulnerabilities in versions >=1.1.1l

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects.
Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Helen Parr