You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "PJ Fanning (Jira)" <ji...@apache.org> on 2024/01/04 16:05:00 UTC

[jira] [Created] (HADOOP-19024) change to bouncy castle jdk1.8 jars

PJ Fanning created HADOOP-19024:
-----------------------------------

             Summary: change to bouncy castle jdk1.8 jars
                 Key: HADOOP-19024
                 URL: https://issues.apache.org/jira/browse/HADOOP-19024
             Project: Hadoop Common
          Issue Type: Task
            Reporter: PJ Fanning


They have stopped patching the JDK 1.5 jars that Hadoop uses (see https://issues.apache.org/jira/browse/HADOOP-18540).

The new artifacts have similar names - but the names are like bcprov-jdk18on as opposed to bcprov-jdk15on.

CVE-2023-33201 is an example of a security issue that seems only to be fixed in the JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix).

https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release but the CVE was fixed in 1.74.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org