[
https://issues.apache.org/jira/browse/TIKA-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17742850#comment-17742850
]
Tilman Hausherr commented on TIKA-4099:
---------------------------------------
It's at 1.75 in the repository.
> Upgrade Bouncy Castle to 1.74
> -----------------------------
>
> Key: TIKA-4099
> URL: https://issues.apache.org/jira/browse/TIKA-4099
> Project: Tika
> Issue Type: Task
> Affects Versions: 2.8.0
> Reporter: Nicolò Mendola
> Priority: Major
>
> Could you please Upgrade Bouncy Castle Dependency to Version 1.74? due to
> following CVE Alert:
> {code:java}
> ┌───────────────────────────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
> │ Library │ Vulnerability │ Severity │
> Installed Version │ Fixed Version │ Title
> │
> ├───────────────────────────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
> │ org.bouncycastle:bcprov-jdk18on │ CVE-2023-33201 │ MEDIUM │
> 1.73 │ 1.74 │ potential blind LDAP injection attack
> using a self-signed │
> │ │ │ │
> │ │ certificate
> │
> │ │ │ │
> │ │ https://avd.aquasec.com/nvd/cve-2023-33201
> │
> └───────────────────────────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
