Upgrade Bouncy Castle to 1.68 #9199

massakam · 2021-01-13T02:43:49Z

The version of Bouncy Castle that Pulsar currently depends on has security vulnerability, so upgraded it to the latest version.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28052

sijie · 2021-01-13T03:18:11Z

@jiazhai Can you take a look at this PR?

The version of Bouncy Castle that Pulsar currently depends on has security vulnerability, so upgraded it to the latest version. https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28052 (cherry picked from commit 527eb31)

The version of Bouncy Castle that Pulsar currently depends on has security vulnerability, so upgraded it to the latest version. https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28052

Upgrade Bouncy Castle to 1.68

58af7c3

massakam added the area/security label Jan 13, 2021

massakam added this to the 2.8.0 milestone Jan 13, 2021

massakam self-assigned this Jan 13, 2021

sijie approved these changes Jan 13, 2021

View reviewed changes

jiazhai approved these changes Jan 13, 2021

View reviewed changes

jiazhai merged commit 527eb31 into apache:master Jan 13, 2021

massakam deleted the upgrade-bouncy-castle branch January 13, 2021 07:39

codelipenghui added the release/2.7.2 label Mar 10, 2021

codelipenghui added the cherry-picked/branch-2.7 Archived: 2.7 is end of life label Mar 10, 2021

lhotari mentioned this pull request Apr 6, 2021

Upgrade Bounce Castle dependency on client to solve CVE-2020-28052 #9235

Closed

Provide feedback