[KARAF-7710] Fix CVE-2023-33201 in BouncyCastle - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 4.4.3
Fix Version/s: 4.4.4, 4.3.10
Component/s: karaf
Labels:
None

Description

Karaf 4.4.3 uses BouncyCastle 1.70 which is vulnerable to CVE-2023-33201.

I'll submit a PR to update to 1.75, which also involves changing the maven groupid from jdk15on to jdk18on.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 19/Jul/23 09:01

Updated:: 21/Jul/23 06:01

Resolved:: 21/Jul/23 06:00