This is an automated email from the ASF dual-hosted git repository.
chenhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 61c03adab7 Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146 (#3915)
61c03adab7 is described below
commit 61c03adab754d6c7763ba9330e2ce02866879a3b
Author: Hang Chen <[email protected]>
AuthorDate: Thu Oct 26 18:06:25 2023 +0800
Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146 (#3915)
### Motivation
#### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146)
Detailed paths
Introduced through: org.apache.distributedlog:[email protected] ›
org.apache.distributedlog:[email protected] ›
org.apache.bookkeeper:[email protected] ›
org.bouncycastle:[email protected]
Fixed in org.bouncycastle:[email protected]
### Changes
Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 2 +-
bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 2 +-
bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 2 +-
pom.xml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 5c78aa8b2f..ac7b175926 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -706,7 +706,7 @@ This product bundles the bouncycastle Library.
For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html
Bundled as
- - lib/org.bouncycastle-bc-fips-1.0.2.3.jar
+ - lib/org.bouncycastle-bc-fips-1.0.2.4.jar
------------------------------------------------------------------------------------
This product uses the annotations from The Checker Framework, which are
licensed under
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
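Review bot: The unchanged context line `For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html`, directly above the changed `Bundled as` entry, still names the 1.0.2.3 directory, so after this hunk the license pointer and the bundled jar (`lib/org.bouncycastle-bc-fips-1.0.2.4.jar`) disagree. Suggest changing the path to `deps/bouncycastle-1.0.2.4/LICENSE.html` in the same commit and confirming the corresponding `deps/` directory in the distribution carries the new version name. The diffstat lists only the three LICENSE files and pom.xml, so nothing else in this change keeps that path valid.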
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 370202dc87..66699c65bc 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -594,7 +594,7 @@ This product bundles the bouncycastle Library.
For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html
Bundled as
- - lib/org.bouncycastle-bc-fips-1.0.2.3.jar
+ - lib/org.bouncycastle-bc-fips-1.0.2.4.jar
------------------------------------------------------------------------------------
This product uses the annotations from The Checker Framework, which are
licensed under
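Review bot: In LICENSE-bkctl.bin.txt the license pointer `deps/bouncycastle-1.0.2.3/LICENSE.html` is left at the old version while the jar line moves to 1.0.2.4. Bump the `deps/` path together with the jar name so the two lines stay in step.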
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 75b281fd19..4a2ee1a803 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -695,7 +695,7 @@ This product bundles the bouncycastle Library.
For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html
Bundled as
- - lib/org.bouncycastle-bc-fips-1.0.2.3.jar
+ - lib/org.bouncycastle-bc-fips-1.0.2.4.jar
------------------------------------------------------------------------------------
This product uses the annotations from The Checker Framework, which are
licensed under
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
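Review bot: The `For license details` line in LICENSE-server.bin.txt keeps `deps/bouncycastle-1.0.2.3/` although the bundled jar is now `org.bouncycastle-bc-fips-1.0.2.4.jar`. Update it here as well, so that someone auditing the server distribution for the CVE-2022-45146 fix does not read the bundle as still carrying 1.0.2.3.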
diff --git a/pom.xml b/pom.xml
index 493960ab5c..60667c6eb1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,7 +125,7 @@
<commons-lang.version>2.6</commons-lang.version>
<commons-lang3.version>3.6</commons-lang3.version>
<commons-io.version>2.7</commons-io.version>
- <bouncycastle.version>1.0.2.3</bouncycastle.version>
+ <bouncycastle.version>1.0.2.4</bouncycastle.version>
<curator.version>5.1.0</curator.version>
<dropwizard.version>4.1.12.1</dropwizard.version>
<etcd.version>0.5.11</etcd.version>
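Review bot: The new `<bouncycastle.version>1.0.2.4</bouncycastle.version>` line records no reason for the floor, and the property name does not say it pins the bc-fips artifact named in the commit message. Suggest an XML comment beside it citing CVE-2022-45146 as the reason 1.0.2.4 is the minimum, so a later downgrade or override of the property is caught in review. It is also worth confirming that no other Bouncy Castle artifact resolves its version from this property, since it would be moved to 1.0.2.4 by the same edit.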