[jira] [Commented] (TEZ-4158) Change to a maintained bouncy castle version

Ashutosh Chauhan (Jira) Mon, 27 Apr 2020 11:17:26 -0700


    [ 
https://issues.apache.org/jira/browse/TEZ-4158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17093801#comment-17093801
 ]


Ashutosh Chauhan commented on TEZ-4158:
---------------------------------------

+1

> Change to a maintained bouncy castle version
> --------------------------------------------
>
>                 Key: TEZ-4158
>                 URL: https://issues.apache.org/jira/browse/TEZ-4158
>             Project: Apache Tez
>          Issue Type: Bug
>            Reporter: László Bodor
>            Assignee: László Bodor
>            Priority: Major
>         Attachments: TEZ-4158.01.patch, TEZ-4158.01.patch
>
>
> The outdated bcprov-jdk16 (which is full of vulnerabilities) triggers 
> blackduck alerts, however, it's used only in test scope since TEZ-1832. The 
> currently maintained artifact is 
> [bcprov-jdk15on|https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on],
>  which [covers current JDK versions up to 
> JDK11.|https://www.bouncycastle.org/latest_releases.html]
> So if tests (TestSecureShuffle) still pass, let's upgrade test scoped bouncy 
> castle.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TEZ-4158) Change to a maintained bouncy castle version

Reply via email to