[pulsar] branch branch-2.7 updated: Upgrade Bouncy Castle to 1.68 (#9199)

Wed, 10 Mar 2021 15:11:32 -0800 

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new a2ef25e  Upgrade Bouncy Castle to 1.68 (#9199)
a2ef25e is described below

commit a2ef25ea354f9fd98c080bbb0806c11d4da141e3
Author: Masahiro Sakamoto <[email protected]>
AuthorDate: Wed Jan 13 16:10:55 2021 +0900

    Upgrade Bouncy Castle to 1.68 (#9199)
    
    The version of Bouncy Castle that Pulsar currently depends on has security 
vulnerability, so upgraded it to the latest version.
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28052
    
    (cherry picked from commit 527eb31fa7b5e2621517d41b72a7153cde4dc0a3)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 6 +++---
 pom.xml                                          | 2 +-
 pulsar-sql/presto-distribution/LICENSE           | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index e9794cc..b1815e2 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -591,9 +591,9 @@ Creative Commons Attribution License
 
 Bouncy Castle License
  * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt
-    - org.bouncycastle-bcpkix-jdk15on-1.66.jar
-    - org.bouncycastle-bcprov-ext-jdk15on-1.66.jar
-    - org.bouncycastle-bcprov-jdk15on-1.66.jar
+    - org.bouncycastle-bcpkix-jdk15on-1.68.jar
+    - org.bouncycastle-bcprov-ext-jdk15on-1.68.jar
+    - org.bouncycastle-bcprov-jdk15on-1.68.jar
 
 ------------------------
 
diff --git a/pom.xml b/pom.xml
index 4cf8f03..dbcc73e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -112,7 +112,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <slf4j.version>1.7.25</slf4j.version>
     <commons.collections.version>3.2.2</commons.collections.version>
     <log4j2.version>2.10.0</log4j2.version>
-    <bouncycastle.version>1.66</bouncycastle.version>
+    <bouncycastle.version>1.68</bouncycastle.version>
     <bouncycastlefips.version>1.0.2</bouncycastlefips.version>
     <jackson.version>2.11.1</jackson.version>
     <jackson.databind.version>2.11.1</jackson.databind.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE 
b/pulsar-sql/presto-distribution/LICENSE
index 32bed1c..e866d53 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -570,6 +570,6 @@ Creative Commons Attribution License
 
 Bouncy Castle License
  * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt
--    - bcpkix-jdk15on-1.66.jar
--    - bcprov-ext-jdk15on-1.66.jar
--    - bcprov-jdk15on-1.66.jar
+-    - bcpkix-jdk15on-1.68.jar
+-    - bcprov-ext-jdk15on-1.68.jar
+-    - bcprov-jdk15on-1.68.jar

Reply via email to