[jira] [Commented] (RANGER-5336) Upgrade bouncycastle to 1.79 due to CVE-2025-8916 and CVE-2025-8885

Dhaval Shah (Jira) Tue, 28 Oct 2025 23:34:08 -0700


    [ 
https://issues.apache.org/jira/browse/RANGER-5336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033753#comment-18033753
 ]


Dhaval Shah commented on RANGER-5336:
-------------------------------------

Committed into apache master : 
[https://github.com/apache/ranger/commit/32288bb9fef4659ee80208bfba442f3986c03663]
Thanks

> Upgrade bouncycastle to 1.79 due to CVE-2025-8916 and CVE-2025-8885
> -------------------------------------------------------------------
>
>                 Key: RANGER-5336
>                 URL: https://issues.apache.org/jira/browse/RANGER-5336
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Bhavesh Amre
>            Assignee: Bhavesh Amre
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Upgrade *BouncyCastle* dependencies to version *1.79* from *1.70* in order to 
> address the following security vulnerabilities:
>  * *CVE-2025-8916*
>  * *CVE-2025-8885*
> This upgrade ensures that Ranger is not impacted by the reported issues in 
> earlier versions of BouncyCastle.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-5336) Upgrade bouncycastle to 1.79 due to CVE-2025-8916 and CVE-2025-8885

Reply via email to