OxalisCommunity / oxalis

Oxalis - PEPPOL Access Point open source implementation - Core component

Outdated/vulnerable bouncycastle version 1.57 #463

Closed olauspet closed 3 years ago

olauspet commented 4 years ago

Oxalis 4.1.2 uses version 1.57 of the bouncycastle jars. This version has some identified vulnerabilities (not sure if they have any impact on Oxalis): CVE-2017-13098 (Medium), CVE-2018-1000180 (High), CVE-2018-1000613 (Critical).

Are there plans to upgrade to the latest bouncycastle version, 1.64?

aaron-kumar commented 3 years ago

Fixed with commit: fc22da14415882e5772dcb74fdc1d6609b74b137