[jira] [Commented] (HIVE-28065) Upgrade Bouncy castle to bcprov-jdk18on 1.77

Ayush Saxena (Jira) Mon, 19 Feb 2024 20:59:05 -0800


    [ 
https://issues.apache.org/jira/browse/HIVE-28065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17818632#comment-17818632
 ]


Ayush Saxena commented on HIVE-28065:
-------------------------------------

Committed to master.
Thanx [~araika] for the contribution & [~zhangbutao] for the review!!!

> Upgrade Bouncy castle to bcprov-jdk18on 1.77
> --------------------------------------------
>
>                 Key: HIVE-28065
>                 URL: https://issues.apache.org/jira/browse/HIVE-28065
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Araika Singh
>            Assignee: Araika Singh
>            Priority: Major
>              Labels: pull-request-available
>
> For Bouncy Castle for java before 1.74(excluding), it was discovered that 
> there was a potential LDAP injection. During the certificate validation 
> process, bouncycastle used the certificate's "Subject Name" into an LDAP 
> search filter without any escaping.
> https://nvd.nist.gov/vuln/detail/CVE-2023-33201



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (HIVE-28065) Upgrade Bouncy castle to bcprov-jdk18on 1.77

Reply via email to