@armitage420
Contributor

@armitage420 armitage420 commented Feb 7, 2024

What changes were proposed in this pull request?

Upgrade Bouncy Castle to 1.77

Why are the changes needed?

Bouncy Castle for Java before 1.68 (excluding) is found with a potential LDAP injection:
https://nvd.nist.gov/vuln/detail/CVE-2023-33201

Does this PR introduce any user-facing change?

No

Is the change a dependency upgrade?

Yes
bcprovTree.txt

How was this patch tested?

Manually

@ayushtkn
Member

ayushtkn commented Feb 7, 2024

The title says "Upgrade Bouncy castle", how is this a "No"? There are some steps mentioned in case of dependency upgrade:
https://github.com/apache/hive/blob/master/.github/pull_request_template.md?plain=1#L40-L44

@armitage420
Contributor Author

armitage420 commented Feb 11, 2024

> The title says "Upgrade Bouncy castle", how is this a "No"? There are some steps mentioned in case of dependency upgrade:
> https://github.com/apache/hive/blob/master/.github/pull_request_template.md?plain=1#L40-L44

Hello, I have made the required changes and added the dependency tree for reference too. Thank you for reviewing my PR.
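
A check a reviewer could run over a dependency tree like the one attached, to confirm no older Bouncy Castle artifact is still pulled in transitively after the upgrade to 1.77. This is an added example, not part of the PR or Hive's code; it assumes the standard text output of `mvn dependency:tree`, and the sample tree and the names `stale_bouncycastle`, `parse_version` and `SAMPLE_TREE` are constructed for illustration.

```python
import re

TARGET = (1, 77)  # version this PR upgrades to

# Any token in a tree line that starts with the Bouncy Castle groupId
COORD = re.compile(r"(org\.bouncycastle:\S+)")

# Constructed sample in `mvn dependency:tree` layout (not Hive's real tree)
SAMPLE_TREE = """\
[INFO] org.example:demo:jar:1.0-SNAPSHOT
[INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.77:compile
[INFO] +- org.example:legacy-lib:jar:2.3:compile
[INFO] |  \\- org.bouncycastle:bcprov-jdk15on:jar:1.68:compile
[INFO] \\- org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile
"""


def parse_version(text):
    """Turn '1.77' or '1.78.1' into a tuple of ints for comparison."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def stale_bouncycastle(tree_text, minimum=TARGET):
    """Return sorted (artifact, version) pairs older than `minimum`."""
    findings = set()
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        parts = match.group(1).split(":")
        # group:artifact:type:version:scope, optionally with a classifier
        if len(parts) == 5:
            artifact, version = parts[1], parts[3]
        elif len(parts) == 6:
            artifact, version = parts[1], parts[4]
        else:
            continue
        if parse_version(version) < minimum:
            findings.add((artifact, version))
    return sorted(findings)


if __name__ == "__main__":
    for artifact, version in stale_bouncycastle(SAMPLE_TREE):
        print(f"still below 1.77: {artifact} {version}")
```

A transitive hit such as the `bcprov-jdk15on` line in the sample is the case a version bump in the parent POM alone does not fix; it needs an exclusion or a managed version.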

@sonarqubecloud

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

Contributor

@zhangbutao zhangbutao left a comment

LGTM +1
cc @ayushtkn

@ayushtkn ayushtkn merged commit a3926cc into apache:master Feb 20, 2024
@ayushtkn
Member

Ouch, I didn't hit the approve button before merging :-)

Changes LGTM

dengzhhu653 pushed a commit to dengzhhu653/hive that referenced this pull request Mar 7, 2024
…. (Araika Singh, reviewed by Ayush Saxena, Butao Zhang)