This is an automated email from the ASF dual-hosted git repository. stevel pushed a commit to branch branch-3.3.5 in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.3.5 by this push: new a05b01e71f1 HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015) a05b01e71f1 is described below commit a05b01e71f12258bcf4483000d81fe7a996f9dca Author: Steve Loughran <ste...@cloudera.com> AuthorDate: Sat Oct 15 15:09:05 2022 +0100 HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015) Addresses CVE-2020-15522 and CVE-2020-26939. This can break builds with older maven shade plugins or other code using asm.jar which is not aware of recent java bytecodes and/or multi-release JARs. fix: use a later version of asm.jar Contributed by PJ Fanning --- LICENSE-binary | 4 ++-- hadoop-project/pom.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/LICENSE-binary b/LICENSE-binary index fcfe9468a14..5f5a5a4b2c0 100644 --- a/LICENSE-binary +++ b/LICENSE-binary @@ -451,8 +451,8 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5 com.microsoft.azure:azure-data-lake-store-sdk:2.3.9 com.microsoft.azure:azure-keyvault-core:1.0.0 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7 -org.bouncycastle:bcpkix-jdk15on:1.60 -org.bouncycastle:bcprov-jdk15on:1.60 +org.bouncycastle:bcpkix-jdk15on:1.68 +org.bouncycastle:bcprov-jdk15on:1.68 org.checkerframework:checker-qual:2.5.2 org.checkerframework:checker-qual:3.8.0 org.codehaus.mojo:animal-sniffer-annotations:1.17 diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml index a2857b4e5da..abe9f94e99c 100644 --- a/hadoop-project/pom.xml +++ b/hadoop-project/pom.xml @@ -106,7 +106,7 @@ <guice.version>4.0</guice.version> <joda-time.version>2.9.9</joda-time.version> - <bouncycastle.version>1.60</bouncycastle.version> + <bouncycastle.version>1.68</bouncycastle.version> <!-- Required for testing LDAP integration --> <apacheds.version>2.0.0-M21</apacheds.version> --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org