Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-3129

Upgrade bouncycastle library dependencies

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 1.7.0
    • 1.8.1
    • None

    Description

      Group Artifact Version used Upgrade target
      org.bouncycastle bcprov-jdk15 1.45 1.57
      org.bouncycastle bcmail-jdk15 1.45 1.57

      Security vulnerability: https://www.cvedetails.com/vulnerability-list/vendor_id-7637/Bouncycastle.html
      Maven repository: https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15

      Please do:

      • CVE might be a false alarm or mistake. Please double check.
      • double check the newest version.
      • consider to remove a dependency if better alternative is available.
      • check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)

      Excerpt from mvn dependency:tree

      org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
      +- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
      |  +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile
      |  |  +- org.apache.tika:tika-xmp:jar:1.5:compile
      |  |  |  +- org.apache.tika:tika-parsers:jar:1.5:compile
      |  |  |  |  +- org.bouncycastle:bcmail-jdk15:jar:1.45:compile
      |  |  |  |  +- org.bouncycastle:bcprov-jdk15:jar:1.45:compile
      

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              sati Attila Simon
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: