[
https://issues.apache.org/jira/browse/TEZ-4458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
László Bodor updated TEZ-4458:
------------------------------
Fix Version/s: 0.10.3
> Upgrade Bouncy Castle to 1.70 due to high CVEs
> ----------------------------------------------
>
> Key: TEZ-4458
> URL: https://issues.apache.org/jira/browse/TEZ-4458
> Project: Apache Tez
> Issue Type: Task
> Reporter: Mayank Kunwar
> Assignee: Mayank Kunwar
> Priority: Major
> Fix For: 0.10.3
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> CVE-2020-28052 (HIGH severity) - An issue was discovered in Legion of the
> Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility
> method compared incorrect data when checking the password, allowing incorrect
> passwords to indicate they were matching with previously hashed ones that
> were different.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
