RAJU THANNEERU created TOMEE-4336: ------------------------------------- Summary: Upgrade bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar Key: TOMEE-4336 URL: https://issues.apache.org/jira/browse/TOMEE-4336 Project: TomEE Issue Type: Dependency upgrade Components: TomEE Core Server Affects Versions: 9.1.3 Reporter: RAJU THANNEERU
New vulnerabilities in bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar Looks like these are already addressed in 1.78 version, so upgrade to 1.78 or 1.78.1 *bcprov-jdk15to18-1.76.jar* |[CVE-2024-29857|https://nvd.nist.gov/vuln/detail/CVE-2024-29857]| |[CVE-2024-30171|https://nvd.nist.gov/vuln/detail/CVE-2024-30171]| |[CVE-2024-30172|https://nvd.nist.gov/vuln/detail/CVE-2024-30172]| |[CVE-2024-34447|https://nvd.nist.gov/vuln/detail/CVE-2024-34447]| *bcpkix-jdk15to18-1.76.jar* |[CVE-2024-29857|https://nvd.nist.gov/vuln/detail/CVE-2024-29857]| |[CVE-2024-30171|https://nvd.nist.gov/vuln/detail/CVE-2024-30171]| |[CVE-2024-30172|https://nvd.nist.gov/vuln/detail/CVE-2024-30172]| -- This message was sent by Atlassian Jira (v8.20.10#820010)