[ 
https://issues.apache.org/jira/browse/PDFBOX-1587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645762#comment-13645762
 ] 

Emmanuel Bourg edited comment on PDFBOX-1587 at 4/30/13 5:42 PM:
-----------------------------------------------------------------

I'm not sure this will break applications using encrypted documents with 
PDFBox. As I understand the PDFBox code, Bouncy Castle is a purely internal 
dependency, no class from Bouncy Castle leaks in the public API of PDFBox. The 
user only interacts with standard X509Certificates from java.security.cert. So 
it should be safe to upgrade the dependency even for the 1.8.x line.
                
      was (Author: ebourg):
    I'm not sure this will break applications using encrypted documents with 
PDFBox. As I understand the PDFBox code, Bouncy Castle is a purely internal 
dependency, no class from Bouncy Castle leaks in the public API of PDFBox. The 
user only interacts with standard X50Certificates from java.security.cert. So 
it should be safe to upgrade the dependency even for the 1.8.x line.
                  
>  Update the dependency on Bouncy Castle to 1.48
> -----------------------------------------------
>
>                 Key: PDFBOX-1587
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-1587
>             Project: PDFBox
>          Issue Type: Improvement
>    Affects Versions: 1.8.1
>            Reporter: Emmanuel Bourg
>            Assignee: Thomas Chojecki
>             Fix For: 2.0.0
>
>         Attachments: pdfbox-bouncycastle-update.patch
>
>
> The recent versions of Bouncy Castle didn't preserve the binary compatibility 
> and PDFBox doesn't compile against them.
> This is an issue for the Debian project because the Bouncy Castle package has 
> to be updated to 1.48 in order to fix a security issue. This update is going 
> to break the PDFBox package.
> Could you please update the dependency on Bouncy Castle? I'll attach the 
> patch with the necessary changes.
