You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/02/01 18:23:00 UTC
[jira] [Commented] (NIFI-8186) Exclude bcprov-ext-jdk15on from
spring-security-saml2-core
[ https://issues.apache.org/jira/browse/NIFI-8186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17276556#comment-17276556 ]
ASF subversion and git services commented on NIFI-8186:
-------------------------------------------------------
Commit b4e213cb2c80f50592564b27d952dbb672966f9b in nifi's branch refs/heads/main from exceptionfactory
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b4e213c ]
NIFI-8186 Excluded bcprov-ext-jdk15on from spring-security-saml2-core dependency (#4793)
> Exclude bcprov-ext-jdk15on from spring-security-saml2-core
> ----------------------------------------------------------
>
> Key: NIFI-8186
> URL: https://issues.apache.org/jira/browse/NIFI-8186
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Labels: bouncycastle, security
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The spring-security-saml2-core library has a transitive dependency on bcprov-ext-jdk15on version 1.60 through the com.narupley:not-going-to-be-commons-ssl library. The standard bcprov-jdk15on library is configured with version 1.68 through the framework, so the older extension version of the Bouncy Castle Provider should be excluded to avoid expected runtime behavior. The standard and extended versions of the Bouncy Castle Provider libraries are fundamentally similar, with the primary difference being the inclusion of classes to support of obscure NTRU algorithm in the extension library.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)