Bringing bcpg-fips 2.0.8 in pom fails with error: no versions available for org.bouncycastle:bc-util:jar:[2.0.2,2.1.0) within specified range

alla-gofman commented 1 month ago

Got this error using when I add to pom:

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-fips</artifactId>
<version>2.0.8</version>
</dependency>

Please refer to: https://repo1.maven.org/maven2/org/bouncycastle/bcpg-fips/2.0.8/bcpg-fips-2.0.8.pom this pom includes inexistent jar

 <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bc-util</artifactId>
      <version>[2.0.2,2.1.0)</version>
      <type>jar</type>
    </dependency>

My workaround:

<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcpg-fips</artifactId>
  <version>2.0.8</version>
  <exclusions>
    <exclusion>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bc-util</artifactId>
    </exclusion>
  </exclusions>
</dependency>
<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcutil-fips</artifactId>
  <version>2.0.3</version>
</dependency>

dghgit commented 2 weeks ago

BCPG 2.0.9 has now been uploaded. This has a corrected POM file in it.

bharathbv44 commented 2 weeks ago

The source version in https://www.bouncycastle.org/download/bouncy-castle-java-fips/ is not updated to 2.0.9. Will it be possible to get the main page updated with the 2.0.9 instead of 2.0.8. Our Third Party Audit will not allow us to point to Maven source and they expect it to be listed in official website.

dghgit commented 2 weeks ago

The website is now updated.

bcgit / bc-java

Bringing bcpg-fips 2.0.8 in pom fails with error: no versions available for org.bouncycastle:bc-util:jar:[2.0.2,2.1.0) within specified range #1766