[jira] [Updated] (SSHD-1344) Remove net.i2p.crypto:eddsa dependency from sshd-common project

Thomas Wolf (Jira) Sat, 29 Mar 2025 09:18:24 -0700


     [ 
https://issues.apache.org/jira/browse/SSHD-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Thomas Wolf updated SSHD-1344:
------------------------------
    External issue URL: https://github.com/apache/mina-sshd/issues/585

> Remove net.i2p.crypto:eddsa dependency from sshd-common project
> ---------------------------------------------------------------
>
>                 Key: SSHD-1344
>                 URL: https://issues.apache.org/jira/browse/SSHD-1344
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.15.0
>            Reporter: Gerhard Munze
>            Priority: Major
>              Labels: Dependencies, cve, outdated
>
> The sshd-common project uses the dependency
> {code:java}
>  <!-- For ed25519 support -->        
> <dependency>
>             <groupId>net.i2p.crypto</groupId>
>             <artifactId>eddsa</artifactId>   
>             <optional>true</optional>        
> </dependency> {code}
> for ed25519 support. But this library is outdated (Last commit 2018, 
> including cves)
> I suggesst to remove this depencency and use the standard java classes for 
> ed25519 support.
> Java supports ed25519 since java 15 (see [https://openjdk.org/jeps/339)]
> There is also a problem with net.i2p.crypto library when you want to natvive 
> compile code with graalvm.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Updated] (SSHD-1344) Remove net.i2p.crypto:eddsa dependency from sshd-common project

Reply via email to