dlsprague commented on issue #8884:
URL: https://github.com/apache/pulsar/issues/8884#issuecomment-755617182


   Thank you. Update to the issue:
   It is now successful using a different dependency, which is Bouncy Castle, and
the connection is working with encryption enabled. However, there are Black
Duck security vulnerabilities being reported.
   
   Using the 2.6.2 client Bouncy Castle jar file, an inner jar of the Pulsar client
has some internal transitive dependencies on the 1.6.0 version of Bouncy Castle,
which is causing the HIGH vulnerabilities.
   
   Using 2.7.0, the High vulnerability is removed, but it has 1 CRITICAL
vulnerability with the new transitive dependency jar
(bcprov-ext-jdk15on-1.66.jar).
   
   
![image262_1](https://user-images.githubusercontent.com/75750837/103815154-ef65a380-5030-11eb-9590-eafa6ff86d4e.png)
   
![image262_2](https://user-images.githubusercontent.com/75750837/103815168-f4c2ee00-5030-11eb-9bb7-7457a5c1ea56.png)
   
![image270_2](https://user-images.githubusercontent.com/75750837/103815175-f68cb180-5030-11eb-8cb6-34a11898dfa7.png)
   
![image270_1](https://user-images.githubusercontent.com/75750837/103815181-f7bdde80-5030-11eb-8909-6db13251aa45.png)
   
   What can we do to resolve this vulnerability?
   
   Thanks again.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

