PJ Fanning created HADOOP-19866:
-----------------------------------
Summary: upgrade bouncycastle to 1.84 due to multiple CVEs
Key: HADOOP-19866
URL: https://issues.apache.org/jira/browse/HADOOP-19866
Project: Hadoop Common
Issue Type: Task
Reporter: PJ Fanning
[https://www.bouncycastle.org/download/bouncy-castle-java/#release-notes]
* CVE-2025-14813 - GOSTCTR implementation unable to process more than 255
blocks correctly.
* CVE-2026-0636 - LDAP Injection Vulnerability in LDAPStoreHelper.java.
* CVE-2026-3505 - Unbounded PGP AEAD chunk size leads to pre-auth resource
exhaustion.
* CVE-2026-5588 - PKIX draft CompositeVerifier accepts empty signature
sequence as valid.
* CVE-2026-5598 - Non-constant time comparisons risk private key leakage in
FrodoKEM.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
