[TEZ-4158] Change to a maintained bouncy castle version - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.10.0, 0.9.3
Component/s: None
Labels:
None

Description

The outdated bcprov-jdk16 (which is full of vulnerabilities) triggers blackduck alerts, however, it's used only in test scope since ~~TEZ-1832~~. The currently maintained artifact is bcprov-jdk15on, which covers current JDK versions up to JDK11.
So if tests (TestSecureShuffle) still pass, let's upgrade test scoped bouncy castle.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

TEZ-4158.01.patch
27/Apr/20 11:55
0.8 kB
László Bodor
TEZ-4158.01.patch
27/Apr/20 15:51
0.8 kB
László Bodor

Activity

People

Assignee:: László Bodor

Reporter:: László Bodor

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Apr/20 11:52

Updated:: 28/Apr/20 15:41

Resolved:: 28/Apr/20 15:41