[
https://issues.apache.org/jira/browse/TOMEE-4336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Markus Jung resolved TOMEE-4336.
--------------------------------
Resolution: Fixed
> Upgrade bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar
> ---------------------------------------------------------------
>
> Key: TOMEE-4336
> URL: https://issues.apache.org/jira/browse/TOMEE-4336
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
> Affects Versions: 9.1.3
> Reporter: RAJU THANNEERU
> Assignee: Markus Jung
> Priority: Major
> Fix For: 9.1.4
>
>
> New vulnerabilities in bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar
> Looks like these are already addressed in 1.78 version, so upgrade to 1.78 or
> 1.78.1
> *bcprov-jdk15to18-1.76.jar*
> |[CVE-2024-29857|https://nvd.nist.gov/vuln/detail/CVE-2024-29857]|
> |[CVE-2024-30171|https://nvd.nist.gov/vuln/detail/CVE-2024-30171]|
> |[CVE-2024-30172|https://nvd.nist.gov/vuln/detail/CVE-2024-30172]|
> |[CVE-2024-34447|https://nvd.nist.gov/vuln/detail/CVE-2024-34447]|
> *bcpkix-jdk15to18-1.76.jar*
> |[CVE-2024-29857|https://nvd.nist.gov/vuln/detail/CVE-2024-29857]|
> |[CVE-2024-30171|https://nvd.nist.gov/vuln/detail/CVE-2024-30171]|
> |[CVE-2024-30172|https://nvd.nist.gov/vuln/detail/CVE-2024-30172]|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
