[jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052

Jira Tue, 24 Aug 2021 01:36:04 -0700


     [ 
https://issues.apache.org/jira/browse/KARAF-7240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved KARAF-7240.
-----------------------------------------
    Fix Version/s: 4.3.3
                   4.2.12
       Resolution: Fixed

> Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052
> --------------------------------------------------------
>
>                 Key: KARAF-7240
>                 URL: https://issues.apache.org/jira/browse/KARAF-7240
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.3.2
>         Environment: Apache Karaf - OSGi
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 4.2.12, 4.3.3
>
>
> We are using Apache Karaf 4.3.2 in our project and our security scans report 
> CVE-2020-28052 
> ([https://nvd.nist.gov/vuln/detail/CVE-2020-28|https://nvd.nist.gov/vuln/detail/CVE-2021-26291).]052)
>  on our package because Karaf by default packs bcprov and bcpkix 1.66 
> versions. The fix for the specified CVE is to use bcprov and bcpkis 1.67 and 
> higher. Apache Karaf should update to use later versions of these bouncy 
> castle 3pps so that this CVE is mitigated.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052

Reply via email to