[
https://issues.apache.org/jira/browse/TOMEE-4337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla updated TOMEE-4337:
-----------------------------------
Affects Version/s: 10.0.0-M1
(was: 9.1.3)
> bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar
> --------------------------------------------------------
>
> Key: TOMEE-4337
> URL: https://issues.apache.org/jira/browse/TOMEE-4337
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
> Affects Versions: 10.0.0-M1
> Reporter: RAJU THANNEERU
> Priority: Major
>
> New vulnerabilities in bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar
> Looks like these are already addressed in 1.78 version, so upgrade to 1.78 or
> 1.78.1
> *bcprov-jdk15to18-1.76.jar*
> |[CVE-2024-29857|https://nvd.nist.gov/vuln/detail/CVE-2024-29857]|
> |[CVE-2024-30171|https://nvd.nist.gov/vuln/detail/CVE-2024-30171]|
> |[CVE-2024-30172|https://nvd.nist.gov/vuln/detail/CVE-2024-30172]|
> |[CVE-2024-34447|https://nvd.nist.gov/vuln/detail/CVE-2024-34447]|
> *bcpkix-jdk15to18-1.76.jar*
> |[CVE-2024-29857|https://nvd.nist.gov/vuln/detail/CVE-2024-29857]|
> |[CVE-2024-30171|https://nvd.nist.gov/vuln/detail/CVE-2024-30171]|
> |[CVE-2024-30172|https://nvd.nist.gov/vuln/detail/CVE-2024-30172]|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
