From 527eb31fa7b5e2621517d41b72a7153cde4dc0a3 Mon Sep 17 00:00:00 2001 From: Masahiro Sakamoto Date: Wed, 13 Jan 2021 16:10:55 +0900 Subject: [PATCH] Upgrade Bouncy Castle to 1.68 (#9199) The version of Bouncy Castle that Pulsar currently depends on has security vulnerability, so upgraded it to the latest version. https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28052 --- distribution/server/src/assemble/LICENSE.bin.txt | 6 +++--- pom.xml | 2 +- pulsar-sql/presto-distribution/LICENSE | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 008b7d3a94a0c..344971bfc6e78 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -591,9 +591,9 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt - - org.bouncycastle-bcpkix-jdk15on-1.66.jar - - org.bouncycastle-bcprov-ext-jdk15on-1.66.jar - - org.bouncycastle-bcprov-jdk15on-1.66.jar + - org.bouncycastle-bcpkix-jdk15on-1.68.jar + - org.bouncycastle-bcprov-ext-jdk15on-1.68.jar + - org.bouncycastle-bcprov-jdk15on-1.68.jar ------------------------ diff --git a/pom.xml b/pom.xml index 0348c0fe3dda3..070311719ea1b 100644 --- a/pom.xml +++ b/pom.xml @@ -109,7 +109,7 @@ flexible messaging model and an intuitive client API. 1.7.25 3.2.2 2.14.0 - 1.66 + 1.68 1.0.2 2.11.1 2.11.1 diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 4169dde40d0d1..cd03996f49b66 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -569,6 +569,6 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt -- - bcpkix-jdk15on-1.66.jar -- - bcprov-ext-jdk15on-1.66.jar -- - bcprov-jdk15on-1.66.jar +- - bcpkix-jdk15on-1.68.jar +- - bcprov-ext-jdk15on-1.68.jar +- - bcprov-jdk15on-1.68.jar