bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License
2.33k stars 1.14k forks source link

Exception while installing bcprov bundle #1872

Open Talwarkrishnachaitanya opened 1 month ago

Talwarkrishnachaitanya commented 1 month ago

Hello,

I’m running an OSGI application that uses the following JARs: bcprov-jdk15to18-1.76.jar, bcpkix-jdk15to18-1.76.jar, and bcutil-jdk15to18-1.76.jar. Recently, during a Mend scan, a vulnerability was reported for bcprov (CVE-2024-29857). To address this, I upgraded to bcprov-jdk15to18-1.78.jar, bcpkix-jdk15to18-1.78.jar, and bcutil-jdk15to18-1.78.jar. However, I encountered an issue starting the application, with an error in the stack trace indicating:

INFO: Installing bundle [file:/C:/dev/apache-tomcat-9.0.91/webapps/DwsMain/WEB-INF/bundles/bcprov-jdk15to18-178.jar]
WARNING: Exception starting a system bundle activator.

This problem didn’t occur with version 1.76. When I upgrade all three JAR files, the same exception arises for bcpkix and bcutil. I also tried upgrading only bcprov to 1.78 while keeping bcpkix and bcutil at version 1.76, but I still see the same exception.

Please let me know how this can be rectified or is this an already known issue?

Thanks

Talwarkrishnachaitanya commented 3 weeks ago

Hello,

Any update on this ? Is this the right place to raise a ticket?

Thanks