(bookkeeper) branch master updated: Bump bouncycastl version from 1.75 to 1.78 (#4295)

Fri, 19 Apr 2024 17:07:15 -0700 

This is an automated email from the ASF dual-hosted git repository.

shoothzj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 2b25f45e08 Bump bouncycastl version from 1.75 to 1.78 (#4295)
2b25f45e08 is described below

commit 2b25f45e083ae8c925b06498e02dabaf3f36eaee
Author: ZhangJian He <[email protected]>
AuthorDate: Sat Apr 20 08:07:06 2024 +0800

    Bump bouncycastl version from 1.75 to 1.78 (#4295)
    
    ### Motivation
    
    Upgrade Bouncy Castle to 1.78 to address CVEs
    https://bouncycastle.org/releasenotes.html#r1rv78
    
    - https://www.cve.org/CVERecord?id=CVE-2024-29857 (reserved)
      - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613079
    - https://www.cve.org/CVERecord?id=CVE-2024-30171 (reserved)
      - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613076
    - https://www.cve.org/CVERecord?id=CVE-2024-30172 (reserved)
      - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6612984
    Signed-off-by: ZhangJian He <[email protected]>
---
 pom.xml                                   | 1 +
 tests/backward-compat/bc-non-fips/pom.xml | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index d0e8fed118..dadcce1e8e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -117,6 +117,7 @@
     <!-- dependencies -->
     <arquillian-cube.version>1.18.2</arquillian-cube.version>
     <arquillian-junit.version>1.8.0.Final</arquillian-junit.version>
+    <bc-non-fips.version>1.78</bc-non-fips.version>
     <codahale.metrics.version>3.0.1</codahale.metrics.version>
     <commons-cli.version>1.2</commons-cli.version>
     <commons-collections4.version>4.1</commons-collections4.version>
diff --git a/tests/backward-compat/bc-non-fips/pom.xml 
b/tests/backward-compat/bc-non-fips/pom.xml
index d66ee4da9a..9c7afb4049 100644
--- a/tests/backward-compat/bc-non-fips/pom.xml
+++ b/tests/backward-compat/bc-non-fips/pom.xml
@@ -28,9 +28,6 @@
   <artifactId>bc-non-fips</artifactId>
   <packaging>jar</packaging>
   <name>Apache BookKeeper :: Tests :: Backward Compatibility :: Test Bouncy 
Castle Provider load non FIPS version</name>
-  <properties>
-    <bc-non-fips.version>1.75</bc-non-fips.version>
-  </properties>
 
   <dependencies>
     <dependency>

Reply via email to