All,

I've sent a PR that will upgrade bountycastle dependency to the latest version 
[1]. In terms of security, an upgrade is necessary though it would also require 
for users (who are upgrading to 4.9.1.0, 4.10.0.0 or later) to destroy old 
systemvms such as CPVM and SSVM so the agents that will be started in new 
system vms will use the same dependency jar (version/release) and use the same 
cipher suites as the mgmt server (i.e. there will be no SSL-based communication 
issue afterwards) as provided by bountycastle v1.55.


Thoughts, feedback?


[1] https://github.com/apache/cloudstack/pull/1799


Regards.

rohit.ya...@shapeblue.comĀ 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

Reply via email to