You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ignite.apache.org by GitBox <gi...@apache.org> on 2020/05/27 14:43:54 UTC

[GitHub] [ignite] SammyVimes opened a new pull request #7861: IGNITE-13084 Update BouncyCastle dependency to fix potential vulnerability

SammyVimes opened a new pull request #7861:
URL: https://github.com/apache/ignite/pull/7861


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] alamar commented on a change in pull request #7861: IGNITE-13084 Update BouncyCastle dependency to fix potential vulnerability

Posted by GitBox <gi...@apache.org>.

alamar commented on a change in pull request #7861:
URL: https://github.com/apache/ignite/pull/7861#discussion_r434422083



##########
File path: parent/pom.xml
##########
@@ -55,6 +55,7 @@
         <aws.sdk.version>1.11.75</aws.sdk.version>
         <camel.version>2.22.0</camel.version>
         <aws.encryption.sdk.version>1.3.2</aws.encryption.sdk.version>
+        <bouncycastle.version>1.60</bouncycastle.version>

Review comment:
       Why not 1.65?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] SammyVimes commented on a change in pull request #7861: IGNITE-13084 Update BouncyCastle dependency to fix potential vulnerability

Posted by GitBox <gi...@apache.org>.

SammyVimes commented on a change in pull request #7861:
URL: https://github.com/apache/ignite/pull/7861#discussion_r436524474



##########
File path: parent/pom.xml
##########
@@ -55,6 +55,7 @@
         <aws.sdk.version>1.11.75</aws.sdk.version>
         <camel.version>2.22.0</camel.version>
         <aws.encryption.sdk.version>1.3.2</aws.encryption.sdk.version>
+        <bouncycastle.version>1.60</bouncycastle.version>

Review comment:
       There are a lot of api changes for 1.65 version (https://abi-laboratory.pro/index.php?view=timeline&lang=java&l=bcprov-jdk15on). Given that this is a transitive dependency for aws library, I thought that 1.65 can break aws support




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] alamar commented on a change in pull request #7861: IGNITE-13084 Update BouncyCastle dependency to fix potential vulnerability

Posted by GitBox <gi...@apache.org>.

alamar commented on a change in pull request #7861:
URL: https://github.com/apache/ignite/pull/7861#discussion_r437284340



##########
File path: parent/pom.xml
##########
@@ -55,6 +55,7 @@
         <aws.sdk.version>1.11.75</aws.sdk.version>
         <camel.version>2.22.0</camel.version>
         <aws.encryption.sdk.version>1.3.2</aws.encryption.sdk.version>
+        <bouncycastle.version>1.60</bouncycastle.version>

Review comment:
       OK, let's go forward with this.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ignite] asfgit closed pull request #7861: IGNITE-13084 Update BouncyCastle dependency to fix potential vulnerability

Posted by GitBox <gi...@apache.org>.

asfgit closed pull request #7861:
URL: https://github.com/apache/ignite/pull/7861


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org