search

oracle / oci-java-sdk

Oracle Cloud Infrastructure SDK for Java
https://cloud.oracle.com/cloud-infrastructure
Other
192 stars 152 forks source link

Upgrade Bouncy Castle to 1.78 or newer #594

Closed barchetta closed 1 week ago

barchetta commented 2 months ago

Please upgrade Bouncy Castle to 1.78 or newer

https://www.bouncycastle.org/releasenotes.html#r1rv78

r0bertini commented 2 months ago

There is high security issue based on the release notes to versions prior 1.78, so please prioritize this upgrade accordingly, thanks.

For details see CVE-2024-301XX on page https://www.bouncycastle.org/releasenotes.html#r1rv78

jyotisaini commented 2 months ago

Hi @robander - This is already prioritised and is in our roadmap to upgrade the bouncy castle. Please watch this issue for further updates.

r0bertini commented 2 months ago

Thanks @jyotisaini I assume there is no ETA which could be shared here?

barchetta commented 1 month ago

Any status on this?

jyotisaini commented 1 month ago

ETA for the bouncy castle upgrade is 06/04.

r0bertini commented 3 weeks ago

@jyotisaini was this released yesterday or is there a new timeline please ?

jyotisaini commented 3 weeks ago

Hi Robert this is scheduled to go out on 06/11.

r0bertini commented 1 week ago

Just confirming this has been released yesterday - v3.43.2 - see pom.xml file in https://github.com/oracle/oci-java-sdk/compare/v3.43.1...v3.43.2

barchetta commented 1 week ago

Closing as this is fixed in v3.43.2