[jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052

ASF subversion and git services (Jira) Tue, 24 Aug 2021 01:35:04 -0700


    [ 
https://issues.apache.org/jira/browse/KARAF-7240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17403651#comment-17403651
 ]


ASF subversion and git services commented on KARAF-7240:
--------------------------------------------------------

Commit 749f770bd6be340a33818bce61c640674d06cee6 in karaf's branch 
refs/heads/main from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=karaf.git;h=749f770 ]

[KARAF-7240] Upgrade to bouncycastle 1.68


> Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052
> --------------------------------------------------------
>
>                 Key: KARAF-7240
>                 URL: https://issues.apache.org/jira/browse/KARAF-7240
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.3.2
>         Environment: Apache Karaf - OSGi
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> We are using Apache Karaf 4.3.2 in our project and our security scans report 
> CVE-2020-28052 
> ([https://nvd.nist.gov/vuln/detail/CVE-2020-28|https://nvd.nist.gov/vuln/detail/CVE-2021-26291).]052)
>  on our package because Karaf by default packs bcprov and bcpkix 1.66 
> versions. The fix for the specified CVE is to use bcprov and bcpkis 1.67 and 
> higher. Apache Karaf should update to use later versions of these bouncy 
> castle 3pps so that this CVE is mitigated.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052

Reply via email to