[ https://issues.apache.org/jira/browse/CLOUDSTACK-9632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15714694#comment-15714694 ]
ASF GitHub Bot commented on CLOUDSTACK-9632: -------------------------------------------- Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1799 @jlk thanks for the pointers, I've fixed them. I checked and found the sha-1 usage is only for verification/listing. I also checked the bountycastle is indeed added as a security provider in most places where `SecureRandom` is created and used. > Upgrade bountycastle to 1.55+ > ----------------------------- > > Key: CLOUDSTACK-9632 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9632 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Reporter: Rohit Yadav > Assignee: Rohit Yadav > Fix For: Future, 4.10.0.0 > > > Upgrade bountycastle library to latest versions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)