This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new f3fa7e6dfde [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to 
remediate CVE-2025-8916 (#24923)
f3fa7e6dfde is described below

commit f3fa7e6dfded17c7f617fcebc8337bc02c67ce96
Author: guptas6est <[email protected]>
AuthorDate: Fri Oct 31 11:06:19 2025 +0000

    [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 
(#24923)
---
 bouncy-castle/bcfips/LICENSE | 5 +++--
 bouncy-castle/bcfips/pom.xml | 5 +++++
 pom.xml                      | 4 ++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/bouncy-castle/bcfips/LICENSE b/bouncy-castle/bcfips/LICENSE
index b493804d192..5eda282e5aa 100644
--- a/bouncy-castle/bcfips/LICENSE
+++ b/bouncy-castle/bcfips/LICENSE
@@ -205,5 +205,6 @@
 This projects includes binary packages with the following licenses:
 Bouncy Castle License
  * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt
-    - org.bouncycastle-bcpkix-fips-1.0.7.jar
-    - org.bouncycastle-bc-fips-1.0.2.6.jar
+    - org.bouncycastle-bcpkix-fips-2.0.10.jar
+    - org.bouncycastle-bc-fips-2.0.1.jar
+    - org.bouncycastle-bctutil-fips-2.0.5.jar
diff --git a/bouncy-castle/bcfips/pom.xml b/bouncy-castle/bcfips/pom.xml
index a21645e4339..f3859a833f9 100644
--- a/bouncy-castle/bcfips/pom.xml
+++ b/bouncy-castle/bcfips/pom.xml
@@ -32,6 +32,11 @@
   <name>Apache Pulsar :: Bouncy Castle :: BC-FIPS</name>
 
   <dependencies>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcutil-fips</artifactId>
+      <version>2.0.5</version>
+    </dependency>
     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>pulsar-common</artifactId>
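Review bot: The new `bcutil-fips` dependency pins `<version>2.0.5</version>` directly in the module POM, while the other FIPS artifacts take their versions from root-POM properties (`bouncycastle.bcpkix-fips.version`, `bouncycastle.bc-fips.version`), so a later security bump that edits only those properties could leave this jar behind. Consider adding a property next to them, for example `<bouncycastle.bcutil-fips.version>2.0.5</bouncycastle.bcutil-fips.version>` (name proposed here), and referencing it as `<version>${bouncycastle.bcutil-fips.version}</version>`. The LICENSE hunk in this commit lists the jar as `org.bouncycastle-bctutil-fips-2.0.5.jar`, which does not match the artifactId `bcutil-fips` used here and looks like a typo worth correcting so the license inventory matches what is shipped. The `<dependencies>` element continues past the end of this hunk, so how the other FIPS artifacts are declared below is not visible from here.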
diff --git a/pom.xml b/pom.xml
index 1efa8760f7e..a57ffdab389 100644
--- a/pom.xml
+++ b/pom.xml
@@ -205,8 +205,8 @@ flexible messaging model and an intuitive client 
API.</description>
     
<bouncycastle.bcprov-jdk18on.version>1.78.1</bouncycastle.bcprov-jdk18on.version>
     
<bouncycastle.bcpkix-jdk18on.version>1.81</bouncycastle.bcpkix-jdk18on.version>
     
<bouncycastle.bcprov-ext-jdk18on.version>1.78.1</bouncycastle.bcprov-ext-jdk18on.version>
-    <bouncycastle.bcpkix-fips.version>1.0.7</bouncycastle.bcpkix-fips.version>
-    <bouncycastle.bc-fips.version>1.0.2.6</bouncycastle.bc-fips.version>
+    <bouncycastle.bcpkix-fips.version>2.0.10</bouncycastle.bcpkix-fips.version>
+    <bouncycastle.bc-fips.version>2.0.1</bouncycastle.bc-fips.version>
     <jackson.version>2.17.2</jackson.version>
     <fastutil.version>8.5.16</fastutil.version>
     <jctools.version>4.0.5</jctools.version>
