From cd856b71954e2c522d1bfd14e4f8cc9e87fc5f26 Mon Sep 17 00:00:00 2001
From: Steve Loughran
Date: Sat, 15 Oct 2022 15:09:05 +0100
Subject: [PATCH] HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015) Addresses CVE-2020-15522 and CVE-2020-26939. This can break builds with older maven shade plugins or other code using asm.jar which is not aware of recent java bytecodes and/or multi-release JARs. fix: use a later version of asm.jar Contributed by PJ Fanning
---
 LICENSE-binary | 4 ++--
 hadoop-project/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index ba33689a8f..059f50886b 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -451,8 +451,8 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5
 com.microsoft.azure:azure-data-lake-store-sdk:2.3.9
 com.microsoft.azure:azure-keyvault-core:1.0.0
 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
-org.bouncycastle:bcpkix-jdk15on:1.60
-org.bouncycastle:bcprov-jdk15on:1.60
+org.bouncycastle:bcpkix-jdk15on:1.68
+org.bouncycastle:bcprov-jdk15on:1.68
 org.checkerframework:checker-qual:2.5.2
 org.checkerframework:checker-qual:3.8.0
 org.codehaus.mojo:animal-sniffer-annotations:1.17
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 8c7111855f..24f533e55d 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -106,7 +106,7 @@ 4.0 2.9.9 - 1.60 + 1.68 2.0.0-M21