I’m running an OSGI application that uses the following JARs: bcprov-jdk15to18-1.76.jar, bcpkix-jdk15to18-1.76.jar, and bcutil-jdk15to18-1.76.jar. Recently, during a Mend scan, a vulnerability was reported for bcprov (CVE-2024-29857). To address this, I upgraded to bcprov-jdk15to18-1.78.jar, bcpkix-jdk15to18-1.78.jar, and bcutil-jdk15to18-1.78.jar. However, I encountered an issue starting the application, with an error in the stack trace indicating:
INFO: Installing bundle [file:/C:/dev/apache-tomcat-9.0.91/webapps/DwsMain/WEB-INF/bundles/bcprov-jdk15to18-178.jar]
WARNING: Exception starting a system bundle activator.
This problem didn’t occur with version 1.76. When I upgrade all three JAR files, the same exception arises for bcpkix and bcutil. I also tried upgrading only bcprov to 1.78 while keeping bcpkix and bcutil at version 1.76, but I still see the same exception.
Please let me know how this can be rectified or is this an already known issue?
Hello,
I’m running an OSGI application that uses the following JARs:
bcprov-jdk15to18-1.76.jar
,bcpkix-jdk15to18-1.76.jar
, andbcutil-jdk15to18-1.76.jar
. Recently, during a Mend scan, a vulnerability was reported forbcprov
(CVE-2024-29857). To address this, I upgraded tobcprov-jdk15to18-1.78.jar
,bcpkix-jdk15to18-1.78.jar
, andbcutil-jdk15to18-1.78.jar
. However, I encountered an issue starting the application, with an error in the stack trace indicating:INFO: Installing bundle [file:/C:/dev/apache-tomcat-9.0.91/webapps/DwsMain/WEB-INF/bundles/bcprov-jdk15to18-178.jar]
WARNING: Exception starting a system bundle activator.
This problem didn’t occur with version 1.76. When I upgrade all three JAR files, the same exception arises for
bcpkix
andbcutil
. I also tried upgrading onlybcprov
to 1.78 while keepingbcpkix
andbcutil
at version 1.76, but I still see the same exception.Please let me know how this can be rectified or is this an already known issue?
Thanks