[jira] [Work started] (HIVE-28065) Upgrade Bouncy castle to bcprov-jdk18on 1.77

Araika Singh (Jira) Wed, 07 Feb 2024 04:10:06 -0800


     [ 
https://issues.apache.org/jira/browse/HIVE-28065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Work on HIVE-28065 started by Araika Singh.
-------------------------------------------
> Upgrade Bouncy castle to bcprov-jdk18on 1.77
> --------------------------------------------
>
>                 Key: HIVE-28065
>                 URL: https://issues.apache.org/jira/browse/HIVE-28065
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Araika Singh
>            Assignee: Araika Singh
>            Priority: Major
>              Labels: pull-request-available
>
> For Bouncy Castle for java before 1.74(excluding), it was discovered that 
> there was a potential LDAP injection. During the certificate validation 
> process, bouncycastle used the certificate's "Subject Name" into an LDAP 
> search filter without any escaping.
> https://nvd.nist.gov/vuln/detail/CVE-2023-33201



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work started] (HIVE-28065) Upgrade Bouncy castle to bcprov-jdk18on 1.77

Reply via email to