[ https://issues.apache.org/jira/browse/TEZ-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shilun Fan updated TEZ-4560: ---------------------------- Description: There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. We can find more information at the following link: [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70] The link to the CVE is as follows: [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202] [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201] We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues. was: There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. We can find more information at the following link: [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70] [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202] [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201] > Upgrade bouncycastle to 1.77 due to CVE. > ---------------------------------------- > > Key: TEZ-4560 > URL: https://issues.apache.org/jira/browse/TEZ-4560 > Project: Apache Tez > Issue Type: Improvement > Reporter: Shilun Fan > Assignee: Shilun Fan > Priority: Major > > There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. > We can find more information at the following link: > [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70] > The link to the CVE is as follows: > [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202] > [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201] > We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues. -- This message was sent by Atlassian Jira (v8.20.10#820010)