[HBASE-28552] Bump up bouncycastle dependency from 1.76 to 1.78 - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0, 2.4.18, 3.0.0-beta-2, 2.5.9
Component/s: dependencies, security
Labels:
- pull-request-available

Hadoop Flags:

Reviewed
Release Note:

Hide
Bump bouncycastle dependency from 1.76 to 1.78 for addressing several CVEs

CVE-2024-29857
CVE-2024-30171
CVE-2024-30172
CVE-2024-301XX(Full CVE Code not available yet)

Show
Bump bouncycastle dependency from 1.76 to 1.78 for addressing several CVEs CVE-2024-29857 CVE-2024-30171 CVE-2024-30172 CVE-2024-301XX(Full CVE Code not available yet)

Description

org.bouncycastle : bcprov-jdk18on : 1.76 to be upgraded to latest org.bouncycastle : bcprov-jdk18on : 1.78

Refer link org.bouncycastle

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #5854

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Nikita Pande

Reporter:: Nikita Pande

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Apr/24 10:12

Updated:: 27/Apr/24 09:46

Resolved:: 26/Apr/24 07:24

Agile

Slack

Issue deployment