Uploaded image for project: 'Apache Tez'
  1. Apache Tez
  2. TEZ-4458

Upgrade Bouncy Castle to 1.70 due to high CVEs

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.10.3
    • None
    • None

    Description

      CVE-2020-28052 (HIGH severity) - An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

      Attachments

        Issue Links

          Is contained by

          Task - A task that needs to be done. TEZ-4481 Prepare for Tez 0.10.3 release

          • Major - Major loss of function.
          • Open
          links to

          Web Link GitHub Pull Request #253

          Activity

            People

              mkunwar Mayank Kunwar
              mkunwar Mayank Kunwar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m