Upgrade bc-fips to 1.0.2.4 to fix CVE-2022-45146 #3915
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This version is not found in the Maven. |
|
@hangc0276 Perhaps we can bring up this PR again? |
@tisonkun The new version is still not available in Maven, waiting for it to be available in the Maven repo. |
hangc0276
force-pushed
the
chenhang/upgrade_bc-fips_to_1.0.2.4_fix_CVE-2022-45146
branch
from
08d796d to
9ac8e2d
Compare
zymap
approved these changes
Oct 26, 2023
zymap
pushed a commit
that referenced
this pull request
Dec 6, 2023
### Motivation #### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146) Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.distributedlog:[email protected] › org.apache.bookkeeper:[email protected] › org.bouncycastle:[email protected] Fixed in org.bouncycastle:[email protected] ### Changes Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4 (cherry picked from commit 61c03ad)
yangl
pushed a commit
to yangl/bookkeeper
that referenced
this pull request
Dec 11, 2023
### Motivation #### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146) Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.distributedlog:[email protected] › org.apache.bookkeeper:[email protected] › org.bouncycastle:[email protected] Fixed in org.bouncycastle:[email protected] ### Changes Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4
hangc0276
added a commit
to hangc0276/bookkeeper
that referenced
this pull request
Jan 18, 2024
### Motivation #### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146) Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.distributedlog:[email protected] › org.apache.bookkeeper:[email protected] › org.bouncycastle:[email protected] Fixed in org.bouncycastle:[email protected] ### Changes Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4 (cherry picked from commit 61c03ad)
Ghatage
pushed a commit
to sijie/bookkeeper
that referenced
this pull request
Jul 12, 2024
### Motivation #### [CVE-2022-45146](https://www.cve.org/CVERecord?id=CVE-2022-45146) Detailed paths Introduced through: org.apache.distributedlog:[email protected] › org.apache.distributedlog:[email protected] › org.apache.bookkeeper:[email protected] › org.bouncycastle:[email protected] Fixed in org.bouncycastle:[email protected] ### Changes Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
CVE-2022-45146
Detailed paths
Introduced through: org.apache.distributedlog:[email protected] › org.apache.distributedlog:[email protected] › org.apache.bookkeeper:[email protected] › org.bouncycastle:[email protected]
Fixed in org.bouncycastle:[email protected]
Changes
Upgrade the org.bouncycastle:bc-fips dependency from 1.0.2.3 to 1.0.2.4