[jira] [Updated] (NIFI-11696) Upgrade Bouncy Castle to 1.74

Matt Burgess (Jira) Thu, 15 Jun 2023 13:35:55 -0700


     [ 
https://issues.apache.org/jira/browse/NIFI-11696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Matt Burgess updated NIFI-11696:
--------------------------------
    Fix Version/s: 2.0.0
                   1.23.0
                       (was: 1.latest)
                       (was: 2.latest)
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Upgrade Bouncy Castle to 1.74
> -----------------------------
>
>                 Key: NIFI-11696
>                 URL: https://issues.apache.org/jira/browse/NIFI-11696
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>              Labels: dependency-upgrade
>             Fix For: 2.0.0, 1.23.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Bouncy Castle [1.74|https://www.bouncycastle.org/releasenotes.html#r1rv74] 
> includes a number of bug fixes and feature improvements over previous 
> versions.
> Bouncy Castle 1.72 and 1.73 included the defunct SIKE algorithm, which added 
> multiple megabytes to the provider library. Version 1.74 removed this 
> algorithm, minimizing the size impact of the new version.
> Bouncy Castle 1.74 also resolves CVE-2023-33201 related to LDAP certificate 
> store handling. Apache NiFi does not use the X509LDAPCertStoreSpi class.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (NIFI-11696) Upgrade Bouncy Castle to 1.74

Reply via email to