search

browserup / browserup-proxy

BrowserUp Proxy is a free utility to watch, test, and manipulate web application network traffic and performance.
https://browserup.com
Apache License 2.0
164 stars 41 forks source link

Bump bcpVersion from 1.64 to 1.65 #273

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 4 years ago

Bumps bcpVersion from 1.64 to 1.65. Updates bcpkix-jdk15on from 1.64 to 1.65

Changelog

Sourced from bcpkix-jdk15on's changelog.

<title>Bouncy Castle Crypto Package - Release Notes</title>

Bouncy Castle Crypto Package - Release Notes






1.0 Introduction



The Bouncy Castle Crypto package is a Java implementation of 
cryptographic algorithms.  The package is organised so that it 
contains a light-weight API suitable for use in any environment
(including the J2ME) with the additional infrastructure
to conform the algorithms to the JCE framework.



2.0 Release History


2.1.1 Version

Release: 1.66

Date:      2020, TBD.

2.1.2 Defects Fixed


    

  • EdDSA verifiers now reset correctly after rejecting overly long signatures.
    • 

  • BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. This has been fixed.
    • 

  • qTESLA-I verifier would reject some valid signatures. This has been fixed.
    • 

  • qTESLA verifiers now reject overly long signatures.
    • 

  • PGP regression caused failure to preserve existing version header when headers were reset. This has now been fixed.
    • 

  • PKIXNameConstraintValidator had a bad cast preventing use of multiple OtherName constraints. This has been fixed.
    • 

  • Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. This has been fixed.
    • 

  • An extra 4 bytes was included in the start of HSS public key encodings. This has been fixed.
    • 



2.1.3 Additional Features and Functionality


    

  • The qTESLA signature algorithm has been updated to v2.8 (20191108).
    • 

  • BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.
    • 

  • Support has been added for PKIXRevocationChecker for users of Java 8 and later.
    • 

  • Support has been added for "ocsp.enable", "ocsp.responderURL" for users of Java 8 and later.
    • 

  • Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator.
    • 

  • BCJSSE: Now supports system property 'jsse.enableFFDHE'
    • 

  • BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' and 'jdk.tls.server.SignatureSchemes'.
    • 



2.1.4 Notes



 ... (truncated)






Commits







Updates bcprov-jdk15on from 1.64 to 1.65



Changelog

Sourced from bcprov-jdk15on's changelog.





<title>Bouncy Castle Crypto Package - Release Notes</title>





Bouncy Castle Crypto Package - Release Notes








1.0 Introduction



The Bouncy Castle Crypto package is a Java implementation of 
cryptographic algorithms.  The package is organised so that it 
contains a light-weight API suitable for use in any environment
(including the J2ME) with the additional infrastructure
to conform the algorithms to the JCE framework.



2.0 Release History


2.1.1 Version

Release: 1.66

Date:      2020, TBD.

2.1.2 Defects Fixed


    

  • EdDSA verifiers now reset correctly after rejecting overly long signatures.
    • 

  • BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. This has been fixed.
    • 

  • qTESLA-I verifier would reject some valid signatures. This has been fixed.
    • 

  • qTESLA verifiers now reject overly long signatures.
    • 

  • PGP regression caused failure to preserve existing version header when headers were reset. This has now been fixed.
    • 

  • PKIXNameConstraintValidator had a bad cast preventing use of multiple OtherName constraints. This has been fixed.
    • 

  • Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. This has been fixed.
    • 

  • An extra 4 bytes was included in the start of HSS public key encodings. This has been fixed.
    • 



2.1.3 Additional Features and Functionality


    

  • The qTESLA signature algorithm has been updated to v2.8 (20191108).
    • 

  • BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.
    • 

  • Support has been added for PKIXRevocationChecker for users of Java 8 and later.
    • 

  • Support has been added for "ocsp.enable", "ocsp.responderURL" for users of Java 8 and later.
    • 

  • Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator.
    • 

  • BCJSSE: Now supports system property 'jsse.enableFFDHE'
    • 

  • BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' and 'jdk.tls.server.SignatureSchemes'.
    • 



2.1.4 Notes



 ... (truncated)






Commits







Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.





Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)


            

        

    
            

            

                dependabot-preview[bot]
                commented
                 3 years ago            

            

                
Superseded by #321.