Details
-
Sub-task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Omid has a test dependency on BouncyCastle 1.60 which is vulnerable with following CVEs
Latest being, CVE-2023-33201 with advisory: https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
This JIRA's goal is to fix the following:
- Upgrade to v1.76, the latest version.
- This requires bcprov-jdk15on to be replaced with bcprov-jdk18on
- See https://www.bouncycastle.org/latest_releases.html
Java Version Details With the arrival of Java 15. jdk15 is not quite as unambiguous as it was. The jdk18on jars are compiled to work with anything from Java 1.8 up. They are also multi-release jars so do support some features that were introduced in Java 9, Java 11, and Java 15. If you have issues with multi-release jars see the jdk15to18 release jars below.
Packaging Change (users of 1.70 or earlier): BC 1.71 changed the jdk15on jars to jdk18on so the base has now moved to Java 8. For earlier JVMs, or containers/applications that cannot cope with multi-release jars, you should now use the jdk15to18 jars.
- Exclude bcprov-jdk15on from everywhere else to avoid conflicts with bcprov-jdk18on
Attachments
Issue Links
- links to