Closed jaguilar-atl closed 2 weeks ago
There is an open PR https://github.com/opensearch-project/security/pull/4437 with the same version
There is an open PR #4437 with the same version
Oh right, I missed that! I'm happy to close this one then and just wait for that other PR to go through.
Thanks for looking into it @willyborankin !
Closing this as the same version bump is already being addressed in https://github.com/opensearch-project/security/pull/4437
Description
Upgrading BouncyCastle from 1.75 to 1.78.1 to address potential vulnerabilities.
A similar change was made to the OpenSearch core repo here. https://github.com/opensearch-project/OpenSearch/pull/13484
Issues Resolved
This will address the following potential vulnerabilities. https://www.cve.org/CVERecord?id=CVE-2024-30172 https://www.cve.org/CVERecord?id=CVE-2024-30171 https://www.cve.org/CVERecord?id=CVE-2024-29857
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.