[jira] [Commented] (HADOOP-17898) Upgrade BouncyCastle to 1.69

Ahmed Hussein (Jira) Wed, 08 Sep 2021 07:00:19 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-17898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17411953#comment-17411953
 ]


Ahmed Hussein commented on HADOOP-17898:
----------------------------------------

I created [PR-3405|https://github.com/apache/hadoop/pull/3405] for trunk.
Since spark is on bcprov-jdk15on-1.58, then it should be safe to upgrade 
branch-2.10 from bcprov-jdk16 to at least bcprov-jdk15on-1.58. I will file a 
separate Jira for branch-2.10

> Upgrade BouncyCastle to 1.69
> ----------------------------
>
>                 Key: HADOOP-17898
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17898
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.4.0, 2.10.2, 3.2.3, 3.3.2
>            Reporter: Ahmed Hussein
>            Assignee: Ahmed Hussein
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Vulnerabilities reported in BouncyCastle:
> [CVE-2020-26939|https://nvd.nist.gov/vuln/detail/CVE-2020-26939] moderate 
> severity
> [CVE-2020-15522|https://nvd.nist.gov/vuln/detail/CVE-2020-15522] moderate 
> severity
> Affecting releases before 1.66.
>  
> Upgrade to latest 1.69.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-17898) Upgrade BouncyCastle to 1.69

Reply via email to