You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "László Bodor (Jira)" <ji...@apache.org> on 2020/04/27 12:01:00 UTC
[jira] [Comment Edited] (TEZ-4158) Change to a maintained bouncy
castle version
[ https://issues.apache.org/jira/browse/TEZ-4158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17093404#comment-17093404 ]
László Bodor edited comment on TEZ-4158 at 4/27/20, 12:00 PM:
--------------------------------------------------------------
cc: [~jeagles], [~ashutoshc]: could I proceed with this?
was (Author: abstractdog):
cc: [~jeagles]: could I proceed with this?
> Change to a maintained bouncy castle version
> --------------------------------------------
>
> Key: TEZ-4158
> URL: https://issues.apache.org/jira/browse/TEZ-4158
> Project: Apache Tez
> Issue Type: Bug
> Reporter: László Bodor
> Assignee: László Bodor
> Priority: Major
> Attachments: TEZ-4158.01.patch
>
>
> The outdated bcprov-jdk16 (which is full of vulnerabilities) triggers blackduck alerts, however, it's used only in test scope since TEZ-1832. The currently maintained artifact is [bcprov-jdk15on|https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on], which [covers current JDK versions up to JDK11.|https://www.bouncycastle.org/latest_releases.html]
> So if tests (TestSecureShuffle) still pass, let's upgrade test scoped bouncy castle.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)