known vulnerabilities in org.bouncycastle/bcprov-jdk18on@1.77

drallgood / jpasskit

jPasskit is an Java™ implementation of the Apple™ PassKit Web Service.

Apache License 2.0

276 stars 109 forks source link

known vulnerabilities in org.bouncycastle/bcprov-jdk18on@1.77 #585

Closed OBreidenbach closed 7 months ago

OBreidenbach commented 7 months ago

Hi, there are known vulnerabilities in org.bouncycastle/bcprov-jdk18on@1.77 CVE-2024-29857, CVE-2024-30171, CVE-2024-30172

Could you please upgrade to the current org.bouncycastle:bcprov-jdk18on (1.78.1) release?

Thanks

OBreidenbach commented 7 months ago

I just saw that dependabot already did the upgrade. Just a new release is needed. So I will wait for the next release. Thanks for your work on this library.

drallgood commented 7 months ago

yep

Now that I have reworked the release process it should be faster.

Will try to do it tonight

In the meantime you can use the snapshot version

drallgood commented 7 months ago

Released as 0.4.2