Unexpected code execution vulnerability in bcprov-jdk15on dependency #337
Comments
Thanks for reporting this. Unfortunately, there's nothing we can do at this point since this is really an issue in Redline library (https://github.com/craigwblake/redline) This library uses Forcing this plugin to use that version just causes things to break. We would need redline folks to fix their library. I'll open an issue with them and try to follow up
Opened issue and pull requests for this:
We should have a new release of
Great, thanks for the heads up! I'll keep an eye on it and upgrade as soon as it becomes available!
Upgrade to redline 1.2.9 - Fixes #337
Hi folks, v7.6.3 contains the upgrade for redline 👍
All versions (tested on 6.2.1) depend on org.bouncycastle:bcprov-jdk15on:1.51 which has an unexpected code execution vulnerability. (See https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32412 for details).
Recommended resolution is to upgrade to 1.60 or higher. 1.62 is the latest and so far has no reported vulnerabilities.