Hadoop Common / HADOOP-17563

Update Bouncy Castle to 1.68 or later


Details

    • Incompatible change
    • Bouncy Castle 1.68+ is a multi-release JAR containing Java classes compiled for different target JREs. Older versions of asm.jar and the Maven Shade plugin may have problems with these. Fix: upgrade the dependencies.

    Description

      Bouncy Castle 1.60 has a hash collision vulnerability. Let's update to 1.68.

      Bouncy Castle 1.60 has the following vulnerabilities. Let's update to 1.68.

      For anyone backporting this, note that recent Bouncy Castle JARs are incompatible with older versions of asm.jar, and so with older versions of Spark.
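A way to check a JAR for the multi-release layout described in the release note and the backporting note above, before putting it in front of an older asm.jar or Maven Shade plugin. This is an added example, not code from the issue or from Hadoop; the function names, the sample JAR and the `max_major` threshold are assumptions for illustration.

```python
import io
import struct
import zipfile

def inspect_jar(jar):
    """Return (is_multi_release, {entry: class-file major version}) for
    classes stored under META-INF/versions/ in the given JAR."""
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        multi = any(line.strip().lower() == "multi-release: true"
                    for line in manifest.splitlines())
        versions = {}
        for name in names:
            if name.startswith("META-INF/versions/") and name.endswith(".class"):
                header = zf.read(name)[:8]
                if len(header) == 8:
                    # Class file header: u4 magic, u2 minor, u2 major (big-endian).
                    magic, _minor, major = struct.unpack(">IHH", header)
                    if magic == 0xCAFEBABE:
                        versions[name] = major
        return multi, versions

def classes_too_new(jar, max_major):
    """List versioned classes whose major version exceeds what the build
    tooling can parse (max_major is an assumption you set, e.g. 52 = Java 8)."""
    _multi, versions = inspect_jar(jar)
    return sorted(n for n, major in versions.items() if major > max_major)

def build_sample_jar():
    """Constructed sample: a tiny multi-release JAR holding only class headers."""
    def stub(major):
        return struct.pack(">IHH", 0xCAFEBABE, 0, major)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMulti-Release: true\r\n")
        zf.writestr("org/example/Foo.class", stub(52))                     # Java 8
        zf.writestr("META-INF/versions/9/org/example/Foo.class", stub(53))  # Java 9
        zf.writestr("META-INF/versions/9/module-info.class", stub(53))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(inspect_jar(build_sample_jar()))
    print(classes_too_new(build_sample_jar(), max_major=52))
```

`inspect_jar` also accepts a path, so it can be pointed at the Bouncy Castle JARs in a local repository or a shaded artifact to see which entries an older class reader would reject.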


          People

            pj.fanning PJ Fanning
            tasanuma Takanobu Asanuma

              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0h
                Time Spent: 3h
