[jira] [Commented] (MEECROWAVE-338) move Oauth2Test from sun.security to Bouncycastle
[ https://issues.apache.org/jira/browse/MEECROWAVE-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17854131#comment-17854131 ] Romain Manni-Bucau commented on MEECROWAVE-338: --- well the CVE will still pop up by external scanners and on maven repository so still > move Oauth2Test from sun.security to Bouncycastle > - > > Key: MEECROWAVE-338 > URL: https://issues.apache.org/jira/browse/MEECROWAVE-338 > Project: Meecrowave > Issue Type: Improvement >Affects Versions: 1.2.15 >Reporter: Mark Struberg >Assignee: Mark Struberg >Priority: Major > Fix For: 1.2.16, 2.0.0 > > > We still use sun.security to generate our key files. We should use > bouncycastle instead. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MEECROWAVE-338) move Oauth2Test from sun.security to Bouncycastle
[ https://issues.apache.org/jira/browse/MEECROWAVE-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17854092#comment-17854092 ] Mark Struberg commented on MEECROWAVE-338: -- This is just for unit tests. We don't use it for any prod code. Thus it's also just a test dependency and no CVE issue. > move Oauth2Test from sun.security to Bouncycastle > - > > Key: MEECROWAVE-338 > URL: https://issues.apache.org/jira/browse/MEECROWAVE-338 > Project: Meecrowave > Issue Type: Improvement >Affects Versions: 1.2.15 >Reporter: Mark Struberg >Assignee: Mark Struberg >Priority: Major > Fix For: 1.2.16, 2.0.0 > > > We still use sun.security to generate our key files. We should use > bouncycastle instead. -- This message was sent by Atlassian Jira (v8.20.10#820010)