[
https://issues.apache.org/jira/browse/NIFI-8186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17276556#comment-17276556
]
ASF subversion and git services commented on NIFI-8186:
-------------------------------------------------------
Commit b4e213cb2c80f50592564b27d952dbb672966f9b in nifi's branch
refs/heads/main from exceptionfactory
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b4e213c ]
NIFI-8186 Excluded bcprov-ext-jdk15on from spring-security-saml2-core
dependency (#4793)
> Exclude bcprov-ext-jdk15on from spring-security-saml2-core
> ----------------------------------------------------------
>
> Key: NIFI-8186
> URL: https://issues.apache.org/jira/browse/NIFI-8186
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Labels: bouncycastle, security
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The spring-security-saml2-core library has a transitive dependency on
> bcprov-ext-jdk15on version 1.60 through the
> com.narupley:not-going-to-be-commons-ssl library. The standard
> bcprov-jdk15on library is configured with version 1.68 through the framework,
> so the older extension version of the Bouncy Castle Provider should be
> excluded to avoid expected runtime behavior. The standard and extended
> versions of the Bouncy Castle Provider libraries are fundamentally similar,
> with the primary difference being the inclusion of classes to support of
> obscure NTRU algorithm in the extension library.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
