Commit Graph

4 Commits

Author SHA1 Message Date
PJ Fanning
2ee0bf9534
HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs (#6755)
Addresses

* CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
* CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due to exception processing eliminated.
* CVE-2024-30172 - Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
* CVE-2024-301XX - When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address. 

Contributed by PJ Fanning
2024-06-05 15:31:23 +01:00
PJ Fanning
06db6289cb
HADOOP-19024. Use bouncycastle jdk18 1.77 (#6410). Contributed 2024-03-30 19:58:12 +05:30
Sammi Chen
82ff7bc9ab HADOOP-16959. Resolve hadoop-cos dependency conflict. Contributed by Yang Yu. 2020-04-20 18:14:11 +08:00
Masatake Iwasaki
a98c4dfc47 HADOOP-16702. Move documentation of hadoop-cos to under src directory.
Signed-off-by: Masatake Iwasaki <iwasakims@apache.org>
2019-11-12 17:47:17 +09:00