[ https://issues.apache.org/jira/browse/TEZ-4458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
László Bodor updated TEZ-4458: ------------------------------ Fix Version/s: 0.10.3 > Upgrade Bouncy Castle to 1.70 due to high CVEs > ---------------------------------------------- > > Key: TEZ-4458 > URL: https://issues.apache.org/jira/browse/TEZ-4458 > Project: Apache Tez > Issue Type: Task > Reporter: Mayank Kunwar > Assignee: Mayank Kunwar > Priority: Major > Fix For: 0.10.3 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > CVE-2020-28052 (HIGH severity) - An issue was discovered in Legion of the > Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility > method compared incorrect data when checking the password, allowing incorrect > passwords to indicate they were matching with previously hashed ones that > were different. -- This message was sent by Atlassian Jira (v8.20.10#820010)