[jira] [Resolved] (TEZ-4560) Upgrade bouncycastle to 1.77 due to CVE.

Jira Mon, 06 May 2024 00:51:10 -0700


     [ 
https://issues.apache.org/jira/browse/TEZ-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


László Bodor resolved TEZ-4560.
-------------------------------
    Resolution: Fixed

> Upgrade bouncycastle to 1.77 due to CVE.
> ----------------------------------------
>
>                 Key: TEZ-4560
>                 URL: https://issues.apache.org/jira/browse/TEZ-4560
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Shilun Fan
>            Assignee: Shilun Fan
>            Priority: Major
>             Fix For: 0.10.4
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201. 
> We can find more information at the following link:
> [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
> The link to the CVE is as follows: 
> [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
> [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
> We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (TEZ-4560) Upgrade bouncycastle to 1.77 due to CVE.

Reply via email to