I've sent a PR that will upgrade bountycastle dependency to the latest version
. In terms of security, an upgrade is necessary though it would also require
for users (who are upgrading to 126.96.36.199, 188.8.131.52 or later) to destroy old
systemvms such as CPVM and SSVM so the agents that will be started in new
system vms will use the same dependency jar (version/release) and use the same
cipher suites as the mgmt server (i.e. there will be no SSL-based communication
issue afterwards) as provided by bountycastle v1.55.
53 Chandos Place, Covent Garden, London WC2N 4HSUK