You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/02/01 17:16:00 UTC
[jira] [Updated] (NIFI-8186) Exclude bcprov-ext-jdk15on from
spring-security-saml2-core
[ https://issues.apache.org/jira/browse/NIFI-8186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-8186:
-----------------------------------
Status: Patch Available (was: In Progress)
> Exclude bcprov-ext-jdk15on from spring-security-saml2-core
> ----------------------------------------------------------
>
> Key: NIFI-8186
> URL: https://issues.apache.org/jira/browse/NIFI-8186
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Labels: bouncycastle, security
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The spring-security-saml2-core library has a transitive dependency on bcprov-ext-jdk15on version 1.60 through the com.narupley:not-going-to-be-commons-ssl library. The standard bcprov-jdk15on library is configured with version 1.68 through the framework, so the older extension version of the Bouncy Castle Provider should be excluded to avoid expected runtime behavior. The standard and extended versions of the Bouncy Castle Provider libraries are fundamentally similar, with the primary difference being the inclusion of classes to support of obscure NTRU algorithm in the extension library.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)