HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015)

Addresses CVE-2020-15522 and CVE-2020-26939.

This can break builds with older Maven shade plugins or
other code using asm.jar which is not aware of recent Java bytecodes
and/or multi-release JARs. Fix: use a later version of asm.jar

Contributed by PJ Fanning
Steve Loughran 2022-10-15 15:09:05 +01:00 committed by GitHub
parent 08760fc4c1
commit cd856b7195
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions


@ -451,8 +451,8 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5
com.microsoft.azure:azure-data-lake-store-sdk:2.3.9 com.microsoft.azure:azure-data-lake-store-sdk:2.3.9
com.microsoft.azure:azure-keyvault-core:1.0.0 com.microsoft.azure:azure-keyvault-core:1.0.0
com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
org.bouncycastle:bcpkix-jdk15on:1.60 org.bouncycastle:bcpkix-jdk15on:1.68
org.bouncycastle:bcprov-jdk15on:1.60 org.bouncycastle:bcprov-jdk15on:1.68
org.checkerframework:checker-qual:2.5.2 org.checkerframework:checker-qual:2.5.2
org.checkerframework:checker-qual:3.8.0 org.checkerframework:checker-qual:3.8.0
org.codehaus.mojo:animal-sniffer-annotations:1.17 org.codehaus.mojo:animal-sniffer-annotations:1.17
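Review bot: The 1.68 strings on the two org.bouncycastle lines are hand-copied from the bouncycastle.version property changed in the other file, so this list and the build can drift apart on the next bump. Before merging, confirm with `mvn dependency:tree -Dincludes=org.bouncycastle` that bcpkix-jdk15on and bcprov-jdk15on both resolve to 1.68 in every module and that no transitive dependency still pulls in 1.60. Otherwise the listed version would claim the CVE fixes while an older jar still ships.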


@ -106,7 +106,7 @@
<guice.version>4.0</guice.version> <guice.version>4.0</guice.version>
<joda-time.version>2.9.9</joda-time.version> <joda-time.version>2.9.9</joda-time.version>
<bouncycastle.version>1.60</bouncycastle.version> <bouncycastle.version>1.68</bouncycastle.version>
<!-- Required for testing LDAP integration --> <!-- Required for testing LDAP integration -->
<apacheds.version>2.0.0-M21</apacheds.version> <apacheds.version>2.0.0-M21</apacheds.version>
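Review bot: The `<bouncycastle.version>` line moves from 1.60 to 1.68 with nothing beside it recording the build risk the commit message describes: older shade plugins or asm.jar copies that do not understand recent bytecode or multi-release JARs. Neither visible hunk raises an asm or shade plugin version, so downstream builds are left to find the breakage themselves. Suggest a one-line XML comment above the property stating that a later asm.jar is needed when shading, plus a release note with the same information.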