[jira] [Work logged] (HADOOP-17563) Update Bouncy Castle to 1.68 or later

Tue, 08 Feb 2022 03:56:06 -0800 


     [ 
https://issues.apache.org/jira/browse/HADOOP-17563?focusedWorklogId=722755&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-722755
 ]

ASF GitHub Bot logged work on HADOOP-17563:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Feb/22 11:55
            Start Date: 08/Feb/22 11:55
    Worklog Time Spent: 10m 
      Work Description: pjfanning commented on pull request #3405:
URL: https://github.com/apache/hadoop/pull/3405#issuecomment-1032526803


   @amahussein would it be possible to rebase this? It's not a big deal but 
bouncycastle 1.70 is now latest version but it may not be worthwhile using that.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 722755)
    Time Spent: 2h 50m  (was: 2h 40m)

> Update Bouncy Castle to 1.68 or later
> -------------------------------------
>
>                 Key: HADOOP-17563
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17563
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: 3.3.1
>            Reporter: Takanobu Asanuma
>            Assignee: Takanobu Asanuma
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> -Bouncy Castle 1.60 has Hash Collision Vulnerability. Let's update to 1.68.-
> Bouncy Castle 1.60 has the following vulnerabilities. Let's update to 1.68.
>  * [https://nvd.nist.gov/vuln/detail/CVE-2020-26939]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2020-28052]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2020-15522]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to