renovate-bot opened a new pull request, #6695: URL: https://github.com/apache/jmeter/pull/6695
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [org.bouncycastle:bcprov-jdk18on](https://www.bouncycastle.org/download/bouncy-castle-java/) ([source](https://redirect.github.com/bcgit/bc-java)) | `1.82` → `1.84` |  |  |

---

### Bouncy Castle has an LDAP injection

[CVE-2026-0636](https://nvd.nist.gov/vuln/detail/CVE-2026-0636) / [GHSA-c3fc-8qff-9hwx](https://redirect.github.com/advisories/GHSA-c3fc-8qff-9hwx)

<details>
<summary>More information</summary>

#### Details

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84.

#### Severity

- CVSS Score: 5.5 / 10 (Medium)
- Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/RE:M/U:Amber`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2026-0636](https://nvd.nist.gov/vuln/detail/CVE-2026-0636)
- [https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde](https://redirect.github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde)
- [https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636](https://redirect.github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636)
- [https://github.com/advisories/GHSA-c3fc-8qff-9hwx](https://redirect.github.com/advisories/GHSA-c3fc-8qff-9hwx)

This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-c3fc-8qff-9hwx) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Bouncy Castle Has Covert Timing Channel Vulnerability

[CVE-2026-5598](https://nvd.nist.gov/vuln/detail/CVE-2026-5598) / [GHSA-p93r-85wp-75v3](https://redirect.github.com/advisories/GHSA-p93r-85wp-75v3)

<details>
<summary>More information</summary>

#### Details

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84.

#### Severity

- CVSS Score: 8.9 / 10 (High)
- Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2026-5598](https://nvd.nist.gov/vuln/detail/CVE-2026-5598)
- [https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5](https://redirect.github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5)
- [https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87](https://redirect.github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87)
- [https://github.com/bcgit/bc-java/wiki/CVE-2026-5598](https://redirect.github.com/bcgit/bc-java/wiki/CVE-2026-5598)
- [https://github.com/advisories/GHSA-p93r-85wp-75v3](https://redirect.github.com/advisories/GHSA-p93r-85wp-75v3)

This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-p93r-85wp-75v3) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/apache/jmeter).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
