This is an automated email from the ASF dual-hosted git repository. nihaljain pushed a commit to branch branch-2.4 in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.4 by this push:
new a9e4c7b27db HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 (#5423)
a9e4c7b27db is described below
commit a9e4c7b27dbd6725c3543ea24570bf3d83571431
Author: Nihal Jain <nihalj...@apache.org>
AuthorDate: Sat Sep 23 22:52:27 2023 +0530
HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 (#5423)
- Upgrades to v1.76, i.e. the latest version
- Replaces *-jdk15on with *-jdk18on
- Excludes *-jdk15on, *-jdk15 from everywhere else, to avoid conflicts with *-jdk18on
- Add bcprov-jdk18on to hbase-mapreduce as few tests need this dependency
Signed-off-by: Duo Zhang <zhang...@apache.org>
---
 hbase-asyncfs/pom.xml | 2 +-
 hbase-endpoint/pom.xml | 2 +-
 hbase-examples/pom.xml | 2 +-
 hbase-http/pom.xml | 2 +-
 hbase-mapreduce/pom.xml | 5 ++++
 .../src/main/resources/supplemental-models.xml | 4 +--
 hbase-rest/pom.xml | 2 +-
 hbase-server/pom.xml | 2 +-
 pom.xml | 33 ++++++++++++++++++++--
 9 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/hbase-asyncfs/pom.xml b/hbase-asyncfs/pom.xml
index 6d124854b52..4c24b64a08d 100644
--- a/hbase-asyncfs/pom.xml
+++ b/hbase-asyncfs/pom.xml
@@ -75,7 +75,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
diff --git a/hbase-endpoint/pom.xml b/hbase-endpoint/pom.xml
index badd1a36eb8..e4326049a31 100644
--- a/hbase-endpoint/pom.xml
+++ b/hbase-endpoint/pom.xml
@@ -111,7 +111,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
diff --git a/hbase-examples/pom.xml b/hbase-examples/pom.xml
index 5a65fc4a6f0..6a8dd2d9745 100644
--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -156,7 +156,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
diff --git a/hbase-http/pom.xml b/hbase-http/pom.xml
index 546ebd69f02..8f8e52d7353 100644
--- a/hbase-http/pom.xml
+++ b/hbase-http/pom.xml
@@ -94,7 +94,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
diff --git a/hbase-mapreduce/pom.xml b/hbase-mapreduce/pom.xml
index f3befbe62fe..deed5f7de36 100644
--- a/hbase-mapreduce/pom.xml
+++ b/hbase-mapreduce/pom.xml
@@ -356,6 +356,11 @@
 <artifactId>javax.ws.rs-api</artifactId>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 </profile>
diff --git a/hbase-resource-bundle/src/main/resources/supplemental-models.xml b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
index 21ada4c9d9a..6a36b86dbc7 100644
--- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml
+++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
@@ -1316,10 +1316,10 @@ under the License.
 <supplement>
 <project>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
 <licenses>
- <!-- bcpkix-jdk15on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
+ <!-- bcpkix-jdk18on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
 <license>
 <name>MIT License</name>
 <url>http://www.opensource.org/licenses/mit-license.php</url>
diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml
index 1cdfba4a096..2a295d3cd5a 100644
--- a/hbase-rest/pom.xml
+++ b/hbase-rest/pom.xml
@@ -236,7 +236,7 @@
 <!--Test-->
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml
index 4362d002a41..3487b0b5d10 100644
--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -251,7 +251,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
diff --git a/pom.xml b/pom.xml
index f64e3cd09bb..002f2f690fd 100755
--- a/pom.xml
+++ b/pom.xml
@@ -599,7 +599,7 @@
 <joni.version>2.1.31</joni.version>
 <jcodings.version>1.0.55</jcodings.version>
 <spy.version>2.12.2</spy.version>
- <bouncycastle.version>1.70</bouncycastle.version>
+ <bouncycastle.version>1.76</bouncycastle.version>
 <skyscreamer.version>1.5.1</skyscreamer.version>
 <kerby.version>1.0.1</kerby.version>
 <commons-crypto.version>1.0.0</commons-crypto.version>
@@ -1301,7 +1301,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
 <version>${bouncycastle.version}</version>
 <scope>test</scope>
 </dependency>
@@ -1968,6 +1968,23 @@
 </rules>
 </configuration>
 </execution>
+ <execution>
+ <id>banned-bouncycastle-jdk15on</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <bannedDependencies>
+ <excludes>
+ <exclude>org.bouncycastle:*-jdk15on</exclude>
+ </excludes>
+ <message>Use org.bouncycastle:*-jdk18on instead</message>
+ <searchTransitive>true</searchTransitive>
+ </bannedDependencies>
+ </rules>
+ </configuration>
+ </execution>
 <execution>
 <id>check-aggregate-license</id>
 <goals>
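Review bot: The `banned-bouncycastle-jdk15on` execution added in the `@@ -1968` hunk of the root pom bans only `org.bouncycastle:*-jdk15on`, while the same commit has to exclude `bouncycastle:bcprov-jdk15` by hand in the `@@ -3523` hunk, so that legacy coordinate is not covered by the build gate. A later transitive dependency that reintroduces it, or another pre-jdk18on Bouncy Castle artifact line, would pass enforcement and could place an older provider on the classpath next to 1.76. Consider widening the rule with `<exclude>bouncycastle:*</exclude>` and `<exclude>org.bouncycastle:*-jdk15</exclude>`, and rewording `<message>` to cover them. The rule also sets no minimum version for the `*-jdk18on` artifacts; that depends on `bouncycastle.version` remaining the managed version, which the visible hunks show only for `bcprov-jdk18on`.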
@@ -3523,6 +3540,10 @@
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
@@ -4091,6 +4112,14 @@
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
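Review bot: The `@@ -4091` hunk excludes both `bcprov-jdk15on` and `bcpkix-jdk15on` from a dependency, but the only replacement the visible hunks manage is `bcprov-jdk18on` at test scope. The dependency's own `<groupId>`/`<artifactId>` sit above the hunk and are not visible; if it uses PKIX classes in any module's tests, the gap would appear as a class-loading failure at test time rather than as a build error. If so, a managed `bcpkix-jdk18on` entry at `${bouncycastle.version}` is needed. Otherwise a short comment above the exclusions, e.g. `<!-- superseded by *-jdk18on, see HBASE-28089 -->`, would record why they exist. The same comment would help on the `bouncycastle:bcprov-jdk15` exclusion in the `@@ -3523` hunk.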