(hadoop) branch trunk updated: HADOOP-18540. Upgrade Bouncy Castle to 1.70 (#5166)

Mon, 01 Jan 2024 11:04:19 -0800 

This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 9edcf42c7857 HADOOP-18540. Upgrade Bouncy Castle to 1.70 (#5166)
9edcf42c7857 is described below

commit 9edcf42c7857428d6425b59a6b716c7ecf667c4d
Author: Murali Krishna <muralikrishna.dm...@gmail.com>
AuthorDate: Tue Jan 2 00:34:06 2024 +0530

    HADOOP-18540. Upgrade Bouncy Castle to 1.70 (#5166)
    
    
    This addresses
    - [sonatype-2021-4916] CWE-327: Use of a Broken or Risky Cryptographic 
Algorithm
    - [sonatype-2019-0673] CWE-400: Uncontrolled Resource Consumption 
('Resource Exhaustion')
    
    Contributed by Murali Krishna
---
 LICENSE-binary         | 5 +++--
 hadoop-project/pom.xml | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 49ac5c58fe6a..1ebc44b0580a 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -479,8 +479,9 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5
 com.microsoft.azure:azure-data-lake-store-sdk:2.3.3
 com.microsoft.azure:azure-keyvault-core:1.0.0
 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
-org.bouncycastle:bcpkix-jdk15on:1.68
-org.bouncycastle:bcprov-jdk15on:1.68
+org.bouncycastle:bcpkix-jdk15on:1.70
+org.bouncycastle:bcprov-jdk15on:1.70
+org.bouncycastle:bcutil-jdk15on:1.70
 org.checkerframework:checker-qual:2.5.2
 org.codehaus.mojo:animal-sniffer-annotations:1.21
 org.jruby.jcodings:jcodings:1.0.13
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 81c7205b619b..9fdcc0256be4 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -111,7 +111,7 @@
     <guava.version>27.0-jre</guava.version>
     <guice.version>4.2.3</guice.version>
 
-    <bouncycastle.version>1.68</bouncycastle.version>
+    <bouncycastle.version>1.70</bouncycastle.version>
 
     <!-- Required for testing LDAP integration -->
     <apacheds.version>2.0.0.AM26</apacheds.version>


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to