Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2021/05/19 15:56:56 UTC

[GitHub] [trafficcontrol] ARMmaster17 opened a new pull request #5871: Bump Bouncy Castle to version 1.68

ARMmaster17 opened a new pull request #5871:
URL: https://github.com/apache/trafficcontrol/pull/5871


   ## What does this PR (Pull Request) do?
   
   - [x] This PR fixes #5783
   
   This PR bumps the version of Bouncy Castle for all components of Traffic Router. Although the CVE originally mentioned in #5783 does not apply to Traffic Control, this minor revision update includes some nice bonuses such as TLS 1.3 support and other various security improvements and bug fixes.
   
   Tested locally using CiaB with no issues.
   
   ## Which Traffic Control components are affected by this PR?
   
   - Traffic Router
   
   Documentation is not affected as this is only a package minor revision version bump, and no additional changes were required.
   
   ## What is the best way to verify this PR?
   
   - Pull and launch CiaB.
   - Verify in the container logs that Traffic Router starts up and imports certificates with no issues.
   - Verify that HTTPS connections through `https://video.demo1.mycdn.ciab.test` work.
   
   ## If this is a bug fix, what versions of Traffic Control are affected?
   Although it was deemed that the referenced CVE in #5783 does not apply to Traffic Control, the CVE mentions that versions 1.65 and 1.66 of Bouncy Castle are affected, which include the following versions of Traffic Control:
   - master (968c7f9)
   - 5.1.X
   - 5.0.X
   
   ## The following criteria are ALL met by this PR
   
   - [x] Tests are unnecessary
   - [x] Documentation is unnecessary
   - [x] This PR includes an update to CHANGELOG.md
   - [x] This PR includes any and all required license headers
   - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [trafficcontrol] zrhoffman merged pull request #5871: Bump Bouncy Castle to version 1.68

Posted by GitBox <gi...@apache.org>.
zrhoffman merged pull request #5871:
URL: https://github.com/apache/trafficcontrol/pull/5871


   

