[
https://issues.apache.org/jira/browse/NIFI-8186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-8186:
-----------------------------------
Status: Patch Available (was: In Progress)
> Exclude bcprov-ext-jdk15on from spring-security-saml2-core
> ----------------------------------------------------------
>
> Key: NIFI-8186
> URL: https://issues.apache.org/jira/browse/NIFI-8186
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Labels: bouncycastle, security
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The spring-security-saml2-core library has a transitive dependency on
> bcprov-ext-jdk15on version 1.60 through the
> com.narupley:not-going-to-be-commons-ssl library. The standard
> bcprov-jdk15on library is configured with version 1.68 through the framework,
> so the older extension version of the Bouncy Castle Provider should be
> excluded to avoid expected runtime behavior. The standard and extended
> versions of the Bouncy Castle Provider libraries are fundamentally similar,
> with the primary difference being the inclusion of classes to support of
> obscure NTRU algorithm in the extension library.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
