[
https://issues.apache.org/jira/browse/NIFI-4928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-4928:
--------------------------------
Description: BouncyCastle 1.59 is now available. Currently we are using
1.55. See [https://www.bouncycastle.org/releasenotes.html|Section 2.1.1 -
2.4.5] for details of new features and bug fixes. (was: The existing Maven
dependencies are for {{org.bouncycastle:bcprov-jdk16:1.46}} and
{{org.bouncycastle:bcpg-jdk16:1.46}}. While {{jdk16}} looks "newer" than
{{jdk15on}}, this was actually a legacy mistake on the part of BouncyCastle
versioning. The correct and current version of BouncyCastle is {{jdk15on}}, as
evidenced by the age of the releases:
* jdk15on: 03/2012 - 10/2015 "The Bouncy Castle Crypto package is a Java
implementation of cryptographic algorithms. This jar contains JCE provider and
lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK
1.8." (http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on)
* jdk16: 11/2007 - 02/2011 "The Bouncy Castle Crypto package is a Java
implementation of cryptographic algorithms. This jar contains JCE provider and
lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6."
(http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16))
> Upgrade to current version of BouncyCastle (1.55 -> 1.59)
> ---------------------------------------------------------
>
> Key: NIFI-4928
> URL: https://issues.apache.org/jira/browse/NIFI-4928
> Project: Apache NiFi
> Issue Type: Task
> Components: Core Framework
> Affects Versions: 1.5.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: dependencies, security
>
> BouncyCastle 1.59 is now available. Currently we are using 1.55. See
> [https://www.bouncycastle.org/releasenotes.html|Section 2.1.1 - 2.4.5] for
> details of new features and bug fixes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
