Please release 1.83 (for java.lang.NoSuchFieldError: id_alg_composite)

[muthu-palaniyappan]

Issue

In bouncycastle 1.79, 1.80, 1.81, 1.82, When i call new JcaContentSignerBuilder("SHA256WithRSA"), i get 🔽 this Exception.

java.lang.NoSuchFieldError: id_alg_composite
   at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.<clinit>(Unknown Source)
   at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.<clinit>(Unknown Source)

This issue is fixed in 7c4d661

Which is not yet released yet (1.83) !!
Is there any plan to release this ASAP as there is a CVE-2025-8916 ?

[dghgit]

Actually, no it isn't. It sounds like you need to include the bcutil jar. The CVE was fixed quite a while ago as well.

[muthu-palaniyappan]

That fixed 👍

Thank you ✌️