Security vulnerability found

[Ashu9997]

We are getting these Security vulnerability from VAPT .

1:

"SHA-1 is a weak hash known to have hash collisions
com/pubnub/api/vendor/FileEncryptionUtil.java

2:

Files may contain hardcoded sensitive information like usernames, passwords,
keys etc.
warning
CWE: CWE-312: Cleartext Storage of Sensitive Information
OWASP Top 10: M9: Reverse Engineering
OWASP MASVS: MSTG-STORAGE-14
Show Files
com/pubnub/api/models/consumer/PNStatus.java
com/pubnub/api/models/consumer/access_manager/
PNAccessManagerGrantResult.java
com/pubnub/api/models/server/SubscribeMessage.java
com/pubnub/api/models/server/files/FormField.java

Currently Using implementation 'com.pubnub:pubnub-gson:6.3.6 In android native app.

Is these issues fixed already in any new release or is there any plan to fix these in upcoming releases ?
How can i solve this ?

[parfeon]

Than you for reaching us out.

There probably something is wrong with approaches used in VAPT because:

• there is no hashing libraries used in FileEncryptionUtil.java
• mentioned files with "hardcoded" data doesn't contain any data and are plain regular data models.

There is a disclaimer at the top of the README.md file which tells that this version of the library not supported anymore and further development happens in PubNub Kotlin SDK repository.