sendgrid / sendgrid-java

The Official Twilio SendGrid Led, Community Driven Java API Library
https://sendgrid.com
MIT License
483 stars, 408 forks

chore: updates bouncy castle to 1.75 (latest 1.7x) #741

Closed kebeda closed 10 months ago

kebeda commented 1 year ago

This mitigates CVE-2023-33201.

ref. https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

lexek commented 1 year ago

@thinkingserious @twilio-dx can someone look into this?

ghost commented 11 months ago

Please mitigate this vulnerability by updating Bouncy Castle @childish-sambino @twilio-dx @twilio-taylorferguson @twilio-ci

snesm commented 11 months ago

Latest is now 1.76 which fixes an additional vulnerability.

gian1200 commented 11 months ago

Any update on this?

mrdziuban commented 11 months ago

I'm also interested in updates on this, would love to resolve this CVE in my project. Thanks in advance!

ghost commented 11 months ago

Please mitigate this vulnerability by updating Bouncy Castle @sendgrid-argo-cd @sendgrid-ci @sendgrid-github-readonly @sendgrid-jira @SendGridDX

lexek commented 11 months ago

Might make sense for maintainers to create a fresh PR for the fix.

gian1200 commented 11 months ago

The last commit on the main branch was Jan 3. Why the need for a new PR?

mrdziuban commented 10 months ago

@shrutiburman this was merged with 1.75 instead of 1.76, the latest bouncycastle version -- will there be a separate pull request to update the latest?

mrdziuban commented 10 months ago

@shrutiburman opened a PR here https://github.com/sendgrid/sendgrid-java/pull/744

shrutiburman commented 10 months ago

Oh, thanks @mrdziuban for the PR. I'll merge that once all runs are passing.

shrutiburman commented 10 months ago

Done.