[ https://issues.apache.org/jira/browse/TEZ-4158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17093801#comment-17093801 ]
Ashutosh Chauhan commented on TEZ-4158:
---------------------------------------

+1

> Change to a maintained bouncy castle version
> --------------------------------------------
>
> Key: TEZ-4158
> URL: https://issues.apache.org/jira/browse/TEZ-4158
> Project: Apache Tez
> Issue Type: Bug
> Reporter: László Bodor
> Assignee: László Bodor
> Priority: Major
> Attachments: TEZ-4158.01.patch, TEZ-4158.01.patch
>
>
> The outdated bcprov-jdk16 (which is full of vulnerabilities) triggers blackduck alerts, however, it's used only in test scope since TEZ-1832. The currently maintained artifact is [bcprov-jdk15on|https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on], which [covers current JDK versions up to JDK11.|https://www.bouncycastle.org/latest_releases.html]
> So if tests (TestSecureShuffle) still pass, let's upgrade test scoped bouncy castle.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)