HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs (#6755)
Addresses * CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation. * CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due to exception processing eliminated. * CVE-2024-30172 - Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code. * CVE-2024-301XX - When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address. Contributed by PJ Fanning
This commit is contained in:
parent
d8d3d538e4
commit
2ee0bf9534
@ -482,9 +482,9 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5
|
|||||||
com.microsoft.azure:azure-data-lake-store-sdk:2.3.3
|
com.microsoft.azure:azure-data-lake-store-sdk:2.3.3
|
||||||
com.microsoft.azure:azure-keyvault-core:1.0.0
|
com.microsoft.azure:azure-keyvault-core:1.0.0
|
||||||
com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
|
com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
|
||||||
org.bouncycastle:bcpkix-jdk18on:1.77
|
org.bouncycastle:bcpkix-jdk18on:1.78.1
|
||||||
org.bouncycastle:bcprov-jdk18on:1.77
|
org.bouncycastle:bcprov-jdk18on:1.78.1
|
||||||
org.bouncycastle:bcutil-jdk18on:1.77
|
org.bouncycastle:bcutil-jdk18on:1.78.1
|
||||||
org.checkerframework:checker-qual:2.5.2
|
org.checkerframework:checker-qual:2.5.2
|
||||||
org.codehaus.mojo:animal-sniffer-annotations:1.21
|
org.codehaus.mojo:animal-sniffer-annotations:1.21
|
||||||
org.jruby.jcodings:jcodings:1.0.13
|
org.jruby.jcodings:jcodings:1.0.13
|
||||||
|
@ -86,7 +86,7 @@ Linux kernel 2.6+
|
|||||||
- joda-time (version 2.9.9 recommended)
|
- joda-time (version 2.9.9 recommended)
|
||||||
- httpClient (version 4.5.1 or later recommended)
|
- httpClient (version 4.5.1 or later recommended)
|
||||||
- Jackson: jackson-core, jackson-databind, jackson-annotations (version 2.9.8 or later)
|
- Jackson: jackson-core, jackson-databind, jackson-annotations (version 2.9.8 or later)
|
||||||
- bcprov-jdk18on (version 1.77 recommended)
|
- bcprov-jdk18on (version 1.78.1 recommended)
|
||||||
|
|
||||||
|
|
||||||
#### Configure Properties
|
#### Configure Properties
|
||||||
|
@ -111,7 +111,7 @@
|
|||||||
<guava.version>27.0-jre</guava.version>
|
<guava.version>27.0-jre</guava.version>
|
||||||
<guice.version>4.2.3</guice.version>
|
<guice.version>4.2.3</guice.version>
|
||||||
|
|
||||||
<bouncycastle.version>1.78</bouncycastle.version>
|
<bouncycastle.version>1.78.1</bouncycastle.version>
|
||||||
|
|
||||||
<!-- Required for testing LDAP integration -->
|
<!-- Required for testing LDAP integration -->
|
||||||
<apacheds.version>2.0.0.AM26</apacheds.version>
|
<apacheds.version>2.0.0.AM26</apacheds.version>
|
||||||
|
Loading…
Reference in New Issue
Block a user