[
https://issues.apache.org/jira/browse/TINKERPOP-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15184858#comment-15184858
]
stephen mallette commented on TINKERPOP-1068:
---------------------------------------------
Can't find out much about the svenkubiak version - according to the README it
is a modified version, but only modified for maven and OSGi convenience. Not
sure that we want to rely on that.
I guess I could swap it out all together for another encryption lib like jasypt
- wouldn't take much effort I don't think. Can't think of other options beyond
bundling a version we build ourselves which isn't so nice.
Other ideas?
> Bump to support jbcrypt-0.4m.jar
> --------------------------------
>
> Key: TINKERPOP-1068
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1068
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.1.0-incubating
> Reporter: Marko A. Rodriguez
> Fix For: 3.1.2-incubating
>
>
> Sven says there is a security issue in {{jbcrypt-0.3m.jar}}, where {{0.4}}
> solves it. I am told that 0.4 is not out yet in Central Repo so we will have
> to wait. However, a quick Google search revealed:
> http://mvnrepository.com/artifact/de.svenkubiak/jBCrypt/0.4
> Different {{groupId}}/etc. but same "mindrot" development group. ??
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
