[ 
https://issues.apache.org/jira/browse/NIFI-4928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto updated NIFI-4928:
--------------------------------
    Fix Version/s:     (was: 0.5.0)

> Upgrade to current version of BouncyCastle (1.55 -> 1.59)
> ---------------------------------------------------------
>
>                 Key: NIFI-4928
>                 URL: https://issues.apache.org/jira/browse/NIFI-4928
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Core Framework
>    Affects Versions: 1.5.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: dependencies, security
>
> The existing Maven dependencies are for 
> {{org.bouncycastle:bcprov-jdk16:1.46}} and 
> {{org.bouncycastle:bcpg-jdk16:1.46}}. While {{jdk16}} looks "newer" than 
> {{jdk15on}}, this was actually a legacy mistake on the part of BouncyCastle 
> versioning. The correct and current version of BouncyCastle is {{jdk15on}}, 
> as evidenced by the age of the releases:
> * jdk15on: 03/2012 - 10/2015 "The Bouncy Castle Crypto package is a Java 
> implementation of cryptographic algorithms. This jar contains JCE provider 
> and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to 
> JDK 1.8." (http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on)
> * jdk16: 11/2007 - 02/2011 "The Bouncy Castle Crypto package is a Java 
> implementation of cryptographic algorithms. This jar contains JCE provider 
> and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6." 
> (http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to