[jira] [Resolved] (HIVE-28065) Upgrade Bouncy castle to bcprov-jdk18on 1.77

Ayush Saxena (Jira) Mon, 19 Feb 2024 20:59:03 -0800


     [ 
https://issues.apache.org/jira/browse/HIVE-28065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ayush Saxena resolved HIVE-28065.
---------------------------------
    Fix Version/s: 4.1.0
       Resolution: Fixed

> Upgrade Bouncy castle to bcprov-jdk18on 1.77
> --------------------------------------------
>
>                 Key: HIVE-28065
>                 URL: https://issues.apache.org/jira/browse/HIVE-28065
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Araika Singh
>            Assignee: Araika Singh
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.1.0
>
>
> For Bouncy Castle for java before 1.74(excluding), it was discovered that 
> there was a potential LDAP injection. During the certificate validation 
> process, bouncycastle used the certificate's "Subject Name" into an LDAP 
> search filter without any escaping.
> https://nvd.nist.gov/vuln/detail/CVE-2023-33201



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (HIVE-28065) Upgrade Bouncy castle to bcprov-jdk18on 1.77

Reply via email to