search

OPCFoundation / UA-Java-Legacy

This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA.
https://github.com/OPCFoundation/UA-.NETStandard
Other
354 stars 226 forks source link

Upgrade to Bouncy Castle version 1.64 #197

Closed jouniaro closed 4 years ago

jouniaro commented 4 years ago

BC 1.60 has a known security vulnerability and it is recommended to upgrade to a new version. Currently 1.64 is the latest version and should be targeted, if possible.

https://crypto.stackexchange.com/questions/61121/is-bouncycastle-rsaoaep-implementation-vulnerable-to-manger-s-attack

jouniaro commented 4 years ago

Fixed in commit b696e8ba408ca93a5f886c17049669fa66413b6c