You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bookkeeper.apache.org by "hangc0276 (via GitHub)" <gi...@apache.org> on 2023/04/13 04:48:49 UTC
[GitHub] [bookkeeper] hangc0276 opened a new pull request, #3915: Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146
hangc0276 opened a new pull request, #3915:
URL: https://github.com/apache/bookkeeper/pull/3915
### Motivation
#### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146)
Detailed paths
Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.distributedlog:distributedlog-core@4.16.0-SNAPSHOT › org.apache.bookkeeper:bookkeeper-server@4.16.0-SNAPSHOT › org.bouncycastle:bc-fips@1.0.2.3
Fixed in org.bouncycastle:bc-fips@1.0.2.4
### Changes
Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] hangc0276 commented on pull request #3915: Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146
Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.
hangc0276 commented on PR #3915:
URL: https://github.com/apache/bookkeeper/pull/3915#issuecomment-1537043389
> @hangc0276 Perhaps we can bring up this PR again?
>
> Ref - [bcgit/bc-java#1371 (comment)](https://github.com/bcgit/bc-java/issues/1371#issuecomment-1536872754)
@tisonkun The new version is still not available in Maven, waiting for it to be available in the Maven repo.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146 [bookkeeper]
Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.
hangc0276 merged PR #3915:
URL: https://github.com/apache/bookkeeper/pull/3915
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] hangc0276 commented on pull request #3915: Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146
Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.
hangc0276 commented on PR #3915:
URL: https://github.com/apache/bookkeeper/pull/3915#issuecomment-1506452735
This version is not found in the Maven.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] tisonkun commented on pull request #3915: Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146
Posted by "tisonkun (via GitHub)" <gi...@apache.org>.
tisonkun commented on PR #3915:
URL: https://github.com/apache/bookkeeper/pull/3915#issuecomment-1536967106
@hangc0276 Perhaps we can bring up this PR again?
Ref - https://github.com/bcgit/bc-java/issues/1371#issuecomment-1536872754
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org