[
https://issues.apache.org/jira/browse/PDFBOX-1587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645762#comment-13645762
]
Emmanuel Bourg commented on PDFBOX-1587:
----------------------------------------
I'm not sure this will break applications using encrypted documents with
PDFBox. As I understand the PDFBox code, Bouncy Castle is a purely internal
dependency, no class from Bouncy Class leaks in the public API of PDFBox. The
user only interacts with standard X50Certificates from java.security.cert. So
it should be safe to upgrade the dependency even for the 1.8.x line.
> Update the dependency on Bouncy Castle to 1.48
> -----------------------------------------------
>
> Key: PDFBOX-1587
> URL: https://issues.apache.org/jira/browse/PDFBOX-1587
> Project: PDFBox
> Issue Type: Improvement
> Affects Versions: 1.8.1
> Reporter: Emmanuel Bourg
> Assignee: Thomas Chojecki
> Fix For: 2.0.0
>
> Attachments: pdfbox-bouncycastle-update.patch
>
>
> The recent versions of Bouncy Castle didn't preserve the binary compatibility
> and PDFBox doesn't compile against them.
> This is an issue for the Debian project because the Bouncy Castle package has
> to be updated to 1.48 in order to fix a security issue. This update is going
> to break the PDFBox package.
> Could you please update the dependency on Bouncy Castle? I'll attach the
> patch with the necessary changes.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
