Robert Kanter created YARN-8857: ----------------------------------- Summary: Upgrade BouncyCastle Key: YARN-8857 URL: https://issues.apache.org/jira/browse/YARN-8857 Project: Hadoop YARN Issue Type: Improvement Affects Versions: 3.2.0 Reporter: Robert Kanter Assignee: Robert Kanter
As part of my work on YARN-6586, I noticed that we're using a very old version of BouncyCastle: {code:xml} <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk16</artifactId> <version>1.46</version> <scope>test</scope> </dependency> {code} The *-jdk16 artifacts have been discontinued and are not recommended (see [http://bouncy-castle.1462172.n4.nabble.com/Bouncycaslte-bcprov-jdk15-vs-bcprov-jdk16-td4656252.html]). In particular, the newest release, 1.46, is from {color:#FF0000}2011{color}! [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16] The currently maintained and recommended artifacts are *-jdk15on: [https://www.bouncycastle.org/latest_releases.html] They're currently on version 1.60, released only a few months ago. We should update BouncyCastle to the *-jdk15on artifacts and the 1.60 release. It's currently a test-only artifact, so there should be no backwards-compatibility issues with updating this. It's also needed for YARN-6586, where we'll actually be shipping it. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org