fmiguelez opened a new issue #9235: URL: https://github.com/apache/pulsar/issues/9235
Library pulsar-client-2.7.0.jar has a dependency with Bouncy Castle 1.66 (bcprov-jdk15on-1.66.jar) with high-risk vulnerability [CVE-2020-28052](https://nvd.nist.gov/vuln/detail/CVE-2020-28052). It has also been reported to directly affect [Pulsar Manager 0.1.0](https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E) Solution would involve upgrading to BC 1.68. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
