[
https://issues.apache.org/jira/browse/TEZ-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shilun Fan updated TEZ-4560:
----------------------------
Description:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. We
can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
The link to the CVE is as follows:
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.
was:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. We
can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
> Upgrade bouncycastle to 1.77 due to CVE.
> ----------------------------------------
>
> Key: TEZ-4560
> URL: https://issues.apache.org/jira/browse/TEZ-4560
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.
> We can find more information at the following link:
> [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
> The link to the CVE is as follows:
> [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
> [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
> We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
