[jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052

Jira Tue, 10 Aug 2021 00:01:34 -0700


    [ 
https://issues.apache.org/jira/browse/KARAF-7240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17396482#comment-17396482
 ]


Jean-Baptiste Onofré commented on KARAF-7240:
---------------------------------------------

Yes, it's already planned now that I've created the corresponding SMX bundle.

> Upgrade bcprov artifacts to mitigate CVE-2020-28052
> ---------------------------------------------------
>
>                 Key: KARAF-7240
>                 URL: https://issues.apache.org/jira/browse/KARAF-7240
>             Project: Karaf
>          Issue Type: Task
>          Components: karaf
>    Affects Versions: 4.3.2
>         Environment: Apache Karaf - OSGi
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> We are using Apache Karaf 4.3.2 in our project and our security scans report 
> CVE-2020-28052 
> ([https://nvd.nist.gov/vuln/detail/CVE-2020-28|https://nvd.nist.gov/vuln/detail/CVE-2021-26291).]052)
>  on our package because Karaf by default packs bcprov and bcpkix 1.66 
> versions. The fix for the specified CVE is to use bcprov and bcpkis 1.67 and 
> higher. Apache Karaf should update to use later versions of these bouncy 
> castle 3pps so that this CVE is mitigated.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052

Reply via email to