Customers report that CVE-33201  is still not resolved  in API Gateway 10.1 CR03 .

Maven Repository: org.bouncycastle » bcprov-jdk15on » 1.60 (mvnrepository.com)

When will this be resolved ?

Engineering confirmed that gateway does not use the vulnerable code in BouncyCastle's based on the BouncyCastle's description of

https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

it affects X509LDAPCertStoreSpi class only, we do not use this class in gateway.