[KARAF-7240] Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 4.3.2
Fix Version/s: 4.2.12, 4.3.3
Component/s: karaf
Labels:
None
Environment:

Apache Karaf - OSGi

Target Version/s:

4.2.12, 4.3.3

Description

We are using Apache Karaf 4.3.2 in our project and our security scans report CVE-2020-28052 (https://nvd.nist.gov/vuln/detail/CVE-2020-28052) on our package because Karaf by default packs bcprov and bcpkix 1.66 versions. The fix for the specified CVE is to use bcprov and bcpkis 1.67 and higher. Apache Karaf should update to use later versions of these bouncy castle 3pps so that this CVE is mitigated.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Karthick

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Aug/21 06:52

Updated:: 24/Aug/21 08:35

Resolved:: 24/Aug/21 08:35