This is an automated email from the ASF dual-hosted git repository.

nihaljain pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2 by this push:
     new ff09667334c HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 
(#5415) (#5407)
ff09667334c is described below

commit ff09667334cebf9deebaed7b0aacec5e1d95101a
Author: Nihal Jain <[email protected]>
AuthorDate: Wed Sep 20 21:59:28 2023 +0530

    HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 (#5415) (#5407)
    
    - Upgrades to v1.76, i.e. the latest version
    - Replaces *-jdk15on with *-jdk18on
    - Excludes *-jdk15on from everywhere else, to avoid conflicts with *-jdk18on
    
    Signed-off-by: Duo Zhang <[email protected]>
    Reviewed-by: Aman Poonia <[email protected]>
---
 hbase-asyncfs/pom.xml                              |  2 +-
 hbase-common/pom.xml                               |  4 +--
 hbase-endpoint/pom.xml                             |  2 +-
 hbase-examples/pom.xml                             |  2 +-
 hbase-http/pom.xml                                 |  2 +-
 hbase-mapreduce/pom.xml                            |  2 +-
 .../src/main/resources/supplemental-models.xml     |  4 +--
 hbase-rest/pom.xml                                 |  2 +-
 hbase-server/pom.xml                               |  4 +--
 pom.xml                                            | 31 +++++++++++++++++++---
 10 files changed, 40 insertions(+), 15 deletions(-)

diff --git a/hbase-asyncfs/pom.xml b/hbase-asyncfs/pom.xml
index dfb1fbd7b18..a57f77e7029 100644
--- a/hbase-asyncfs/pom.xml
+++ b/hbase-asyncfs/pom.xml
@@ -75,7 +75,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-common/pom.xml b/hbase-common/pom.xml
index 93f22907f6c..4fb75a82256 100644
--- a/hbase-common/pom.xml
+++ b/hbase-common/pom.xml
@@ -153,12 +153,12 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
+      <artifactId>bcpkix-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
   </dependencies>
diff --git a/hbase-endpoint/pom.xml b/hbase-endpoint/pom.xml
index a0f72912f52..0c11e7cc188 100644
--- a/hbase-endpoint/pom.xml
+++ b/hbase-endpoint/pom.xml
@@ -117,7 +117,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-examples/pom.xml b/hbase-examples/pom.xml
index 372fff0022e..9018dc776a7 100644
--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -145,7 +145,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-http/pom.xml b/hbase-http/pom.xml
index 47f2fa92ac9..fff02910dde 100644
--- a/hbase-http/pom.xml
+++ b/hbase-http/pom.xml
@@ -107,7 +107,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-mapreduce/pom.xml b/hbase-mapreduce/pom.xml
index 5c806307053..86921d713b5 100644
--- a/hbase-mapreduce/pom.xml
+++ b/hbase-mapreduce/pom.xml
@@ -237,7 +237,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
   </dependencies>
diff --git a/hbase-resource-bundle/src/main/resources/supplemental-models.xml 
b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
index 586bf36cc2d..8e2ebd0ece8 100644
--- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml
+++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
@@ -1316,10 +1316,10 @@ under the License.
   <supplement>
     <project>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
+      <artifactId>bcpkix-jdk18on</artifactId>
 
       <licenses>
-        <!-- bcpkix-jdk15on is licensed under the Bouncy Castle License, which 
is equivalent to the MIT License -->
+        <!-- bcpkix-jdk18on is licensed under the Bouncy Castle License, which 
is equivalent to the MIT License -->
         <license>
           <name>MIT License</name>
           <url>http://www.opensource.org/licenses/mit-license.php</url>
diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml
index d36eef908f2..44612ebe55f 100644
--- a/hbase-rest/pom.xml
+++ b/hbase-rest/pom.xml
@@ -231,7 +231,7 @@
     <!--Test-->
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml
index 61692a6ebfa..f27c4112536 100644
--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -343,12 +343,12 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
+      <artifactId>bcpkix-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/pom.xml b/pom.xml
index ef95d070f67..647efdab561 100644
--- a/pom.xml
+++ b/pom.xml
@@ -607,7 +607,7 @@
     <joni.version>2.1.43</joni.version>
     <jcodings.version>1.0.57</jcodings.version>
     <spy.version>2.12.2</spy.version>
-    <bouncycastle.version>1.70</bouncycastle.version>
+    <bouncycastle.version>1.76</bouncycastle.version>
     <skyscreamer.version>1.5.1</skyscreamer.version>
     <kerby.version>1.0.1</kerby.version>
     <commons-crypto.version>1.1.0</commons-crypto.version>
@@ -1381,7 +1381,7 @@
       </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
-        <artifactId>bcprov-jdk15on</artifactId>
+        <artifactId>bcprov-jdk18on</artifactId>
         <version>${bouncycastle.version}</version>
         <scope>test</scope>
       </dependency>
@@ -1393,7 +1393,7 @@
       </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
-        <artifactId>bcpkix-jdk15on</artifactId>
+        <artifactId>bcpkix-jdk18on</artifactId>
         <version>${bouncycastle.version}</version>
         <scope>test</scope>
       </dependency>
@@ -2157,6 +2157,23 @@
               </rules>
             </configuration>
           </execution>
+          <execution>
+            <id>banned-bouncycastle-jdk15on</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <bannedDependencies>
+                  <excludes>
+                    <exclude>org.bouncycastle:*-jdk15on</exclude>
+                  </excludes>
+                  <message>Use org.bouncycastle:*-jdk18on instead</message>
+                  <searchTransitive>true</searchTransitive>
+                </bannedDependencies>
+              </rules>
+            </configuration>
+          </execution>
           <execution>
             <id>check-aggregate-license</id>
             <goals>
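Review bot: The `banned-bouncycastle-jdk15on` execution matches on Maven coordinates only, so old BouncyCastle classes bundled inside a shaded or uber jar from another project would pass this check and need a separate look at the assembled classpath. The pattern is also limited to the `-jdk15on` suffix, so any other BouncyCastle artifact family that a dependency might bring in is not covered. The rule keeps no record of why the ban exists; I would add a comment above `<bannedDependencies>` such as `<!-- HBASE-28089: *-jdk15on conflicts with *-jdk18on and must not return via transitive deps (CVE-2023-33201) -->`. The enclosing plugin definition starts and ends outside the hunk.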
@@ -4503,6 +4520,14 @@
                 <groupId>org.slf4j</groupId>
                 <artifactId>slf4j-reload4j</artifactId>
               </exclusion>
+              <exclusion>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcprov-jdk15on</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk15on</artifactId>
+              </exclusion>
             </exclusions>
           </dependency>
           <dependency>
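Review bot: The two added exclusions remove BouncyCastle from this dependency entirely, while every `*-jdk18on` declaration visible in this commit is `test` scope, so if the dependency needs BouncyCastle at runtime it may find no provider outside tests; this is worth confirming. The commit message says jdk15on is excluded "everywhere else", but the diff adds exclusions to this one dependency only; presumably the new enforcer rule with `searchTransitive` is what catches any other path. A comment before the first added `<exclusion>`, e.g. `<!-- HBASE-28089: drop *-jdk15on, replaced by *-jdk18on -->`, would record the reason for the next maintainer. The enclosing `<dependency>` starts outside the hunk, so which artifact is affected is not visible here.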
