- Advisories: GO-2022-0635, GO-2022-0646 (AWS S3 Crypto client-side encryption flaws)
- Impact Scope: affects packages
s3crypto/s3/encryption; Compozy does not invoke these modules. - Mitigation: storage interactions rely on server-side encryption; no client-side encryption helpers are linked into binaries.
- Verification:
rg "s3crypto" -nandrg "s3/encryption" -nreturn no matches in the repository (checked 2025-10-27). - Action: continue monitoring upstream advisories; upgrade or disable the dependency if future releases require the S3 Crypto helpers.