You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/06/15 17:07:00 UTC
[jira] [Created] (NIFI-11696) Upgrade Bouncy Castle to 1.74
David Handermann created NIFI-11696:
---------------------------------------
Summary: Upgrade Bouncy Castle to 1.74
Key: NIFI-11696
URL: https://issues.apache.org/jira/browse/NIFI-11696
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Extensions
Reporter: David Handermann
Assignee: David Handermann
Fix For: 1.latest, 2.latest
Bouncy Castle [1.74|https://www.bouncycastle.org/releasenotes.html#r1rv74] includes a number of bug fixes and feature improvements over previous versions.
Bouncy Castle 1.72 and 1.73 included the defunct SIKE algorithm, which added multiple megabytes to the provider library. Version 1.74 removed this algorithm, minimizing the size impact of the new version.
Bouncy Castle 1.74 also resolves CVE-2023-33201 related to LDAP certificate store handling. Apache NiFi does not use the X509LDAPCertStoreSpi class.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)