[jira] [Created] (HADOOP-19024) change to bouncy castle jdk1.8 jars

PJ Fanning (Jira) Thu, 04 Jan 2024 08:05:59 -0800

PJ Fanning created HADOOP-19024:
-----------------------------------

             Summary: change to bouncy castle jdk1.8 jars
                 Key: HADOOP-19024
                 URL: https://issues.apache.org/jira/browse/HADOOP-19024
             Project: Hadoop Common
          Issue Type: Task
            Reporter: PJ Fanning



They have stopped patching the JDK 1.5 jars that Hadoop uses (see 
https://issues.apache.org/jira/browse/HADOOP-18540).

The new artifacts have similar names - but the names are like bcprov-jdk18on as 
opposed to bcprov-jdk15on.

CVE-2023-33201 is an example of a security issue that seems only to be fixed in 
the JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix).

https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release 
but the CVE was fixed in 1.74.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-19024) change to bouncy castle jdk1.8 jars

Reply via email to