[ 
https://issues.apache.org/jira/browse/TEZ-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shilun Fan updated TEZ-4560:
----------------------------
    Description: 
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. We 
can find more information at the following link:

[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]

The link to the CVE is as follows: 

[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]

We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.

  was:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. We 
can find more information at the following link:

[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]

 

[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]


> Upgrade bouncycastle to 1.77 due to CVE.
> ----------------------------------------
>
>                 Key: TEZ-4560
>                 URL: https://issues.apache.org/jira/browse/TEZ-4560
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Shilun Fan
>            Assignee: Shilun Fan
>            Priority: Major
>
> There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. 
> We can find more information at the following link:
> [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
> The link to the CVE is as follows: 
> [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
> [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
> We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to