
Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146 #3915

Conversation

hangc0276
Contributor

Motivation

CVE-2022-45146

Detailed paths
Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.distributedlog:distributedlog-core@4.16.0-SNAPSHOT › org.apache.bookkeeper:bookkeeper-server@4.16.0-SNAPSHOT › org.bouncycastle:bc-fips@1.0.2.3

Fixed in org.bouncycastle:bc-fips@1.0.2.4

Changes

Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4
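An added example, not code from this PR or from BookKeeper: a small Python check that parses an "Introduced through" path in the format quoted above and reports whether its bc-fips leaf is older than the fixed release, comparing version segments numerically (so 1.0.2.10 is correctly newer than 1.0.2.4) and ordering a -SNAPSHOT before its release. The function names are chosen here, and the sample path is the one from this PR description.

```python
import re

# Added example, not BookKeeper code. FIXED_VERSION is the release the PR
# names as the fix; SAMPLE_PATH is the "Introduced through" path it quotes.
FIXED_COORDS = ("org.bouncycastle", "bc-fips")
FIXED_VERSION = "1.0.2.4"
SAMPLE_PATH = ("org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › "
               "org.apache.distributedlog:distributedlog-core@4.16.0-SNAPSHOT › "
               "org.apache.bookkeeper:bookkeeper-server@4.16.0-SNAPSHOT › "
               "org.bouncycastle:bc-fips@1.0.2.3")


def parse_version(v):
    """Map '1.0.2.3' or '4.16.0-SNAPSHOT' to a comparable key.
    Segments compare as integers, so 1.0.2.10 > 1.0.2.4 (a string compare
    would get that wrong); a -SNAPSHOT sorts before its release, as in Maven."""
    base, _, qualifier = v.partition("-")
    nums = tuple(int(p) for p in base.split("."))
    return (nums, 0 if qualifier else 1)


def parse_path(path):
    """Split 'group:artifact@version › …' into (group, artifact, version)."""
    triples = []
    for node in path.split("›"):
        m = re.fullmatch(r"\s*([^:@\s]+):([^:@\s]+)@(\S+)\s*", node)
        if not m:
            raise ValueError(f"unparseable node: {node!r}")
        triples.append(m.groups())
    return triples


def find_vulnerable(path):
    """Return (version, parent_chain) for a bc-fips node older than
    FIXED_VERSION, or None if the path carries no vulnerable bc-fips."""
    triples = parse_path(path)
    for i, (group, artifact, version) in enumerate(triples):
        if (group, artifact) != FIXED_COORDS:
            continue
        if parse_version(version) < parse_version(FIXED_VERSION):
            return version, [f"{g}:{a}@{v}" for g, a, v in triples[:i]]
    return None


if __name__ == "__main__":
    # Prints ('1.0.2.3', [...the three parents...]) for the PR's path.
    print(find_vulnerable(SAMPLE_PATH))
```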

@hangc0276
Contributor Author

This version is not found in Maven.

@tisonkun
Member

tisonkun commented May 6, 2023

@hangc0276 Perhaps we can bring up this PR again?

Ref - bcgit/bc-java#1371 (comment)

@hangc0276
Contributor Author

> @hangc0276 Perhaps we can bring up this PR again?
>
> Ref - bcgit/bc-java#1371 (comment)

@tisonkun The new version is still not available in Maven, waiting for it to be available in the Maven repo.

hangc0276 force-pushed the chenhang/upgrade_bc-fips_to_1.0.2.4_fix_CVE-2022-45146 branch from 08d796d to 9ac8e2d on October 23, 2023 02:59
hangc0276 merged commit 61c03ad into apache:master Oct 26, 2023
16 checks passed
zymap pushed a commit that referenced this pull request Dec 6, 2023
### Motivation
#### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146)
Detailed paths
Introduced through: org.apache.distributedlog:dlfs@4.16.0-SNAPSHOT › org.apache.distributedlog:distributedlog-core@4.16.0-SNAPSHOT › org.apache.bookkeeper:bookkeeper-server@4.16.0-SNAPSHOT › org.bouncycastle:bc-fips@1.0.2.3

Fixed in org.bouncycastle:bc-fips@1.0.2.4

### Changes
Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4

(cherry picked from commit 61c03ad)
yangl pushed a commit to yangl/bookkeeper that referenced this pull request Dec 11, 2023
hangc0276 added a commit to hangc0276/bookkeeper that referenced this pull request Jan 18, 2024
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024