Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-19024

Use bouncycastle jdk18 1.77

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.5.0, 3.4.1
    • None
    • Reviewed

    Description

      They have stopped patching the JDK 1.5 jars that Hadoop uses (see https://issues.apache.org/jira/browse/HADOOP-18540).

      The new artifacts have similar names - but the names are like bcprov-jdk18on as opposed to bcprov-jdk15on.

      CVE-2023-33201 is an example of a security issue that seems only to be fixed in the JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix).

      https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release but the CVE was fixed in 1.74.

      Attachments

        Issue Links

          Activity

            People

              pj.fanning PJ Fanning
              fanningpj PJ Fanning
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: