[
https://issues.apache.org/jira/browse/ZOOKEEPER-3236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16755190#comment-16755190
]
Hudson commented on ZOOKEEPER-3236:
-----------------------------------
FAILURE: Integrated in Jenkins build Zookeeper-trunk-single-thread #210 (See
[https://builds.apache.org/job/Zookeeper-trunk-single-thread/210/])
ZOOKEEPER-3236: Upgrade BouncyCastle (andor: rev
693b92e8615c3559f4f08032b94928447fa43e98)
* (edit) pom.xml
> Upgrade BouncyCastle
> --------------------
>
> Key: ZOOKEEPER-3236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3236
> Project: ZooKeeper
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.6.0, 3.5.5
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> BouncyCastle should be upgraded to the latest release. The current version we
> are picking up contains security advisories:
> bcprov-jdk15on-1.56.jar
> (cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.56,
> org.bouncycastle:bcprov-jdk15on:1.56,
> cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.56,
> cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.56) : CVE-2017-13098,
> CVE-2018-1000180, CVE-2018-1000613
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
