jruby / jruby-openssl

JRuby's OpenSSL gem
http://www.jruby.org

Update BouncyCastle to 1.69+ #260

Closed coheigea closed 2 years ago

coheigea commented 2 years ago

Some security scanners report a medium level severity in BouncyCastle 1.68 due to hash collisions in support of BKSv1 keystores. It's considered fixed in BC 1.69 due to:

"The old BKS-V1 format keystore is now disabled by default. If you need to use BKS-V1 for legacy reasons, it can be re-enabled by adding: org.bouncycastle.bks.enable_v1=true"

Please consider updating to avoid these kinds of warnings when projects are scanned with jruby-openssl.

kares commented 2 years ago

An upgrade to BC 1.71 was completed and 0.14.0 has been pushed; hopefully all breaking changes have been caught ...
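
A check for the condition this issue describes, added here as an example; it is not part of the thread and not jruby-openssl code. It flags BouncyCastle provider jars older than 1.69 and any JVM option that turns BKS-V1 back on. It assumes Maven-style jar names (`bcprov-<flavour>-<version>.jar`) and that the property is passed as a `-D` option; the function name, paths and option string are constructed for illustration.

```ruby
require "rubygems" # Gem::Version gives correct numeric version comparison

# First BouncyCastle release with BKS-V1 disabled by default (per the issue).
BKS_V1_DISABLED_SINCE = Gem::Version.new("1.69")
# Property quoted in the issue that re-enables the legacy keystore format.
BKS_V1_PROPERTY = "org.bouncycastle.bks.enable_v1"
# Matches names such as bcprov-jdk15on-1.68.jar and captures the version.
BCPROV_JAR = /\Abcprov-[a-z0-9.]+-(\d+(?:\.\d+)*)\.jar\z/

# Hypothetical helper: returns one finding per problem detected.
def audit_bouncycastle(jar_paths, jvm_options = "")
  findings = []
  jar_paths.each do |path|
    match = BCPROV_JAR.match(File.basename(path))
    next unless match # not a BouncyCastle provider jar

    version = Gem::Version.new(match[1])
    if version < BKS_V1_DISABLED_SINCE
      findings << { path: path, version: version.to_s,
                    issue: :bks_v1_enabled_by_default }
    end
  end
  # An upgraded jar does not help if the legacy format is switched back on.
  if jvm_options =~ /-D#{Regexp.escape(BKS_V1_PROPERTY)}=true\b/i
    findings << { path: nil, version: nil, issue: :bks_v1_re_enabled }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, not taken from any real deployment.
  jars = ["/opt/app/lib/bcprov-jdk15on-1.68.jar",
          "/opt/app/lib/bcprov-jdk18on-1.71.jar"]
  opts = "-Xmx512m -J-Dorg.bouncycastle.bks.enable_v1=true"
  audit_bouncycastle(jars, opts).each { |finding| puts finding.inspect }
end
```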