[ https://issues.apache.org/jira/browse/CASSANDRA-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16763754#comment-16763754 ]
Simon Fontana Oscarsson commented on CASSANDRA-9384: ---------------------------------------------------- Bump. Would be nice if we could resolve this to fix [CVE-2015-0886|https://nvd.nist.gov/vuln/detail/CVE-2015-0886]. Are there any strong opinions against stepping the version? > Update jBCrypt dependency to version 0.4 > ---------------------------------------- > > Key: CASSANDRA-9384 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9384 > Project: Cassandra > Issue Type: Bug > Reporter: Sam Tunnicliffe > Priority: Major > Fix For: 2.1.x, 2.2.x, 3.0.x, 3.11.x > > > https://bugzilla.mindrot.org/show_bug.cgi?id=2097 > Although the bug tracker lists it as NEW/OPEN, the release notes for 0.4 > indicate that this is now fixed, so we should update. > Thanks to [~Bereng] for identifying the issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org