This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.15 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 74d62b40901c79967f63a431fd9fff37a241935e Author: Hang Chen <[email protected]> AuthorDate: Thu Oct 26 18:06:25 2023 +0800 Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146 (#3915) ### Motivation #### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146) Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.distributedlog:[email protected] › org.apache.bookkeeper:[email protected] › org.bouncycastle:[email protected] Fixed in org.bouncycastle:[email protected] ### Changes Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4 (cherry picked from commit 61c03adab754d6c7763ba9330e2ce02866879a3b) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 2 +- bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 2 +- bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 2 +- pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index b2d2196353..1e37f1de33 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -668,7 +668,7 @@ This product bundles the bouncycastle Library. For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html Bundled as - - lib/org.bouncycastle-bc-fips-1.0.2.3.jar + - lib/org.bouncycastle-bc-fips-1.0.2.4.jar ------------------------------------------------------------------------------------ This product uses the annotations from The Checker Framework, which are licensed under MIT License. For details, see deps/checker-qual-3.5.0/LICENSE diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 4e10bed628..6a042de3ca 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt 
@@ -591,7 +591,7 @@ This product bundles the bouncycastle Library. For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html Bundled as - - lib/org.bouncycastle-bc-fips-1.0.2.3.jar + - lib/org.bouncycastle-bc-fips-1.0.2.4.jar ------------------------------------------------------------------------------------ This product uses the annotations from The Checker Framework, which are licensed under diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index e6eacd3a46..61366100d5 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -657,7 +657,7 @@ This product bundles the bouncycastle Library. For license details, see deps/bouncycastle-1.0.2.3/LICENSE.html Bundled as - - lib/org.bouncycastle-bc-fips-1.0.2.3.jar + - lib/org.bouncycastle-bc-fips-1.0.2.4.jar ------------------------------------------------------------------------------------ This product uses the annotations from The Checker Framework, which are licensed under MIT License. For details, see deps/checker-qual-3.5.0/LICENSE diff --git a/pom.xml b/pom.xml index a507400244..99897e2a52 100644 --- a/pom.xml +++ b/pom.xml @@ -128,7 +128,7 @@ <commons-lang.version>2.6</commons-lang.version> <commons-lang3.version>3.6</commons-lang3.version> <commons-io.version>2.7</commons-io.version> - <bouncycastle.version>1.0.2.3</bouncycastle.version> + <bouncycastle.version>1.0.2.4</bouncycastle.version> <curator.version>5.1.0</curator.version> <dropwizard.version>4.1.12.1</dropwizard.version> <etcd.version>0.5.11</etcd.version>
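Review bot: in the LICENSE-all.bin.txt, LICENSE-bkctl.bin.txt and LICENSE-server.bin.txt hunks, the unchanged context line directly above the edited jar name still reads `deps/bouncycastle-1.0.2.3/LICENSE.html`, so after this change each file lists a 1.0.2.4 jar next to a license pointer that names a 1.0.2.3 directory. Either rename the deps directory and update that line in the same commit, or state in the commit message that the path is intentionally left at the old version.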
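Review bot: in the pom.xml hunk, the property being bumped is the generic `bouncycastle.version` rather than one scoped to bc-fips, so any other artifact that resolves its version from this property would also move to 1.0.2.4. Confirm that bc-fips is its only consumer, or rename it to something bc-fips specific. Since the commit message describes a transitive path ending in bc-fips 1.0.2.3, it is also worth attaching the `mvn dependency:tree` output showing that no 1.0.2.3 copy remains on the resolved classpath.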
