[jira] [Commented] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Nick Gorbarov (Jira) Tue, 18 Feb 2020 06:42:13 -0800


    [ 
https://issues.apache.org/jira/browse/PDFBOX-4779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039133#comment-17039133
 ]


Nick Gorbarov commented on PDFBOX-4779:
---------------------------------------

Just needed to update parent/pom.xml

line 52: <bouncycastle.version>1.60</bouncycastle.version>

to

<bouncycastle.version>1.64</bouncycastle.version>

> PDFBOX: Update Bouncy Castle Crypto to version 1.64
> ---------------------------------------------------
>
>                 Key: PDFBOX-4779
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4779
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Crypto
>    Affects Versions: 2.0.18
>            Reporter: Nick Gorbarov
>            Priority: Major
>              Labels: crypto
>
> Please update Bouncy Castle Crypto to verison 1.64. It contains critical 
> issue:
>  *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a 
> regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. 
> We recommend upgrading to 1.64, particularly where an application might be 
> parsing untrusted ASN.1 data from third parties.
>  
> Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Reply via email to