You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-commits@hadoop.apache.org by st...@apache.org on 2022/10/15 14:09:23 UTC

[hadoop] branch branch-3.3 updated: HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015)

This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new cd856b71954 HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015)
cd856b71954 is described below

commit cd856b71954e2c522d1bfd14e4f8cc9e87fc5f26
Author: Steve Loughran <st...@cloudera.com>
AuthorDate: Sat Oct 15 15:09:05 2022 +0100

    HADOOP-17563. Upgrade BouncyCastle to 1.68 (#3980) (#5015)
    
    
    Addresses CVE-2020-15522 and CVE-2020-26939.
    
    This can break builds with older maven shade plugins or
    other code using asm.jar which is not aware of recent java bytecodes
    and/or multi-release JARs. fix: use a later version of asm.jar
    
    Contributed by PJ Fanning
---
 LICENSE-binary         | 4 ++--
 hadoop-project/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index ba33689a8fa..059f50886bf 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -451,8 +451,8 @@ com.microsoft.azure:azure-cosmosdb-gateway:2.4.5
 com.microsoft.azure:azure-data-lake-store-sdk:2.3.9
 com.microsoft.azure:azure-keyvault-core:1.0.0
 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
-org.bouncycastle:bcpkix-jdk15on:1.60
-org.bouncycastle:bcprov-jdk15on:1.60
+org.bouncycastle:bcpkix-jdk15on:1.68
+org.bouncycastle:bcprov-jdk15on:1.68
 org.checkerframework:checker-qual:2.5.2
 org.checkerframework:checker-qual:3.8.0
 org.codehaus.mojo:animal-sniffer-annotations:1.17
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 8c7111855f5..24f533e55d5 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -106,7 +106,7 @@
     <guice.version>4.0</guice.version>
     <joda-time.version>2.9.9</joda-time.version>
 
-    <bouncycastle.version>1.60</bouncycastle.version>
+    <bouncycastle.version>1.68</bouncycastle.version>
 
     <!-- Required for testing LDAP integration -->
     <apacheds.version>2.0.0-M21</apacheds.version>


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org