All,
I've sent a PR that will upgrade bountycastle dependency to the latest version [1]. In terms of security, an upgrade is necessary though it would also require for users (who are upgrading to 4.9.1.0, 4.10.0.0 or later) to destroy old systemvms such as CPVM and SSVM so the agents that will be started in new system vms will use the same dependency jar (version/release) and use the same cipher suites as the mgmt server (i.e. there will be no SSL-based communication issue afterwards) as provided by bountycastle v1.55. Thoughts, feedback? [1] https://github.com/apache/cloudstack/pull/1799 Regards. rohit.ya...@shapeblue.comĀ www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue