[ 
https://issues.apache.org/jira/browse/NIFI-4928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto updated NIFI-4928:
--------------------------------
    Description: BouncyCastle 1.59 is now available. Currently we are using 
1.55. See [https://www.bouncycastle.org/releasenotes.html|Section 2.1.1 - 
2.4.5] for details of new features and bug fixes.   (was: The existing Maven 
dependencies are for {{org.bouncycastle:bcprov-jdk16:1.46}} and 
{{org.bouncycastle:bcpg-jdk16:1.46}}. While {{jdk16}} looks "newer" than 
{{jdk15on}}, this was actually a legacy mistake on the part of BouncyCastle 
versioning. The correct and current version of BouncyCastle is {{jdk15on}}, as 
evidenced by the age of the releases:

* jdk15on: 03/2012 - 10/2015 "The Bouncy Castle Crypto package is a Java 
implementation of cryptographic algorithms. This jar contains JCE provider and 
lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 
1.8." (http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on)
* jdk16: 11/2007 - 02/2011 "The Bouncy Castle Crypto package is a Java 
implementation of cryptographic algorithms. This jar contains JCE provider and 
lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6." 
(http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16))

> Upgrade to current version of BouncyCastle (1.55 -> 1.59)
> ---------------------------------------------------------
>
>                 Key: NIFI-4928
>                 URL: https://issues.apache.org/jira/browse/NIFI-4928
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Core Framework
>    Affects Versions: 1.5.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: dependencies, security
>
> BouncyCastle 1.59 is now available. Currently we are using 1.55. See 
> [https://www.bouncycastle.org/releasenotes.html|Section 2.1.1 - 2.4.5] for 
> details of new features and bug fixes. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to