This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch branch-3.4
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.4 by this push:
     new 59b29800bdce HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs (#6755) (#6866)
59b29800bdce is described below

commit 59b29800bdce4bfe9b52ccf2d8bd6eeb0f35176e
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Fri Jun 7 14:32:27 2024 +0100

    HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs (#6755) (#6866)
    
    
    Addresses
    
    * CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
    * CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due to exception processing eliminated.
    * CVE-2024-30172 - Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
    * CVE-2024-301XX - When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address.
    
    Contributed by PJ Fanning
---
 LICENSE-binary                                                      | 6 +++---
 .../hadoop-cos/src/site/markdown/cloud-storage/index.md             | 2 +-
 hadoop-project/pom.xml                                              | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 92d20725b813..3ab3ef5d5e28 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -481,9 +481,9 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5
 com.microsoft.azure:azure-data-lake-store-sdk:2.3.3
 com.microsoft.azure:azure-keyvault-core:1.0.0
 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
-org.bouncycastle:bcpkix-jdk18on:1.77
-org.bouncycastle:bcprov-jdk18on:1.77
-org.bouncycastle:bcutil-jdk18on:1.77
+org.bouncycastle:bcpkix-jdk18on:1.78.1
+org.bouncycastle:bcprov-jdk18on:1.78.1
+org.bouncycastle:bcutil-jdk18on:1.78.1
 org.checkerframework:checker-qual:2.5.2
 org.codehaus.mojo:animal-sniffer-annotations:1.21
 org.jruby.jcodings:jcodings:1.0.13
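
Review bot: Nothing ties these three hand-maintained org.bouncycastle entries (bcpkix, bcprov, bcutil) to the bouncycastle.version property changed in hadoop-project/pom.xml, so the two can drift apart without any build failure. Please confirm that the jars in the built distribution are all 1.78.1 and that no other org.bouncycastle artifact still at 1.77 is bundled, since a leftover older jar would keep the issues listed in the commit message present in the release.
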
diff --git 
a/hadoop-cloud-storage-project/hadoop-cos/src/site/markdown/cloud-storage/index.md
 
b/hadoop-cloud-storage-project/hadoop-cos/src/site/markdown/cloud-storage/index.md
index 64647b03e9ba..60c9c9065946 100644
--- 
a/hadoop-cloud-storage-project/hadoop-cos/src/site/markdown/cloud-storage/index.md
+++ 
b/hadoop-cloud-storage-project/hadoop-cos/src/site/markdown/cloud-storage/index.md
@@ -86,7 +86,7 @@ Linux kernel 2.6+
 - joda-time (version 2.9.9 recommended)
 - httpClient (version 4.5.1 or later recommended)
 - Jackson: jackson-core, jackson-databind, jackson-annotations (version 2.9.8 
or later)
-- bcprov-jdk18on (version 1.77 recommended)
+- bcprov-jdk18on (version 1.78.1 recommended)
 
 
 #### Configure Properties
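
Review bot: The added line "- bcprov-jdk18on (version 1.78.1 recommended)" names one exact version, while the httpClient and Jackson entries just above it say "or later". Because this bump exists for CVE fixes, consider "version 1.78.1 or later recommended", so that readers who supply their own jar treat 1.78.1 as a minimum rather than a pin and the line does not go stale at the next upgrade.
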
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index f7b13344ea6c..4e42e3c895e9 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -111,7 +111,7 @@
     <guava.version>27.0-jre</guava.version>
     <guice.version>4.2.3</guice.version>
 
-    <bouncycastle.version>1.77</bouncycastle.version>
+    <bouncycastle.version>1.78.1</bouncycastle.version>
 
     <!-- Required for testing LDAP integration -->
     <apacheds.version>2.0.0.AM26</apacheds.version>
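
Review bot: Dependencies that do not take their version from bouncycastle.version are untouched by this one-line property change and could still resolve a Bouncy Castle release older than 1.78.1. It is worth checking the resolved tree (for example with mvn dependency:tree -Dincludes=org.bouncycastle) for modules or transitive dependencies that pin their own version or pull in differently named Bouncy Castle artifacts, and adding an exclusion or managed version where one turns up.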

