Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/01/19 09:16:50 UTC

[GitHub] [pulsar] fmiguelez opened a new issue #9235: Upgrade Bouncy Castle dependency on client to solve CVE-2020-28052

fmiguelez opened a new issue #9235:
URL: https://github.com/apache/pulsar/issues/9235


   Library pulsar-client-2.7.0.jar has a dependency on Bouncy Castle 1.66 (bcprov-jdk15on-1.66.jar), which has the high-risk vulnerability
   [CVE-2020-28052](https://nvd.nist.gov/vuln/detail/CVE-2020-28052).

   It has also been reported to directly affect [Pulsar Manager 0.1.0](https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E).

   The solution would involve upgrading to BC 1.68.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar] lhotari commented on issue #9235: Upgrade Bouncy Castle dependency on client to solve CVE-2020-28052

Posted by GitBox <gi...@apache.org>.
lhotari commented on issue #9235:
URL: https://github.com/apache/pulsar/issues/9235#issuecomment-814226499


   It seems that this was resolved with #9199.





[GitHub] [pulsar] codelipenghui commented on issue #9235: Upgrade Bouncy Castle dependency on client to solve CVE-2020-28052

Posted by GitBox <gi...@apache.org>.
codelipenghui commented on issue #9235:
URL: https://github.com/apache/pulsar/issues/9235#issuecomment-1058894090


   The issue had no activity for 30 days, mark with Stale label.

