sendgrid / sendgrid-java

The Official Twilio SendGrid Led, Community Driven Java API Library
https://sendgrid.com
MIT License

chore: updates bouncy castle to 1.75 (latest 1.7x) #741

Closed kebeda closed 1 year ago

kebeda commented 1 year ago

This mitigates CVE-2023-33201.

ref. https://github.com/bcgit/bc-java/wiki/CVE-2023-33201

lexek commented 1 year ago

@thinkingserious @twilio-dx can someone look into this?

ghost commented 1 year ago

Please mitigate this vulnerability by updating Bouncy Castle @childish-sambino @twilio-dx @twilio-taylorferguson @twilio-ci

snesm commented 1 year ago

Latest is now 1.76 which fixes an additional vulnerability.
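The thread turns on which Bouncy Castle version a build actually resolves (1.75 from this PR versus 1.76 mentioned above). The check below is an added example, not code from the sendgrid-java project: it scans `mvn dependency:tree` output piped on stdin and reports any `org.bouncycastle` artifact resolved below a minimum version. The sample tree is constructed, the sendgrid-java version in it is a placeholder, and which Bouncy Castle artifact ids sendgrid-java actually pulls in is an assumption; `bcprov-jdk18on` and `bcpkix-jdk18on` are used only as realistic coordinates.

```shell
# Added example (not part of sendgrid-java): report Bouncy Castle artifacts
# that resolve below a minimum version in `mvn dependency:tree` output.
# Assumed input format (one artifact per line, as Maven prints it):
#   [INFO] |  \- groupId:artifactId:packaging[:classifier]:version:scope
MIN_BC_VERSION="1.76"

# Reads dependency:tree lines on stdin, prints "group:artifact:version" for
# every org.bouncycastle artifact older than MIN_BC_VERSION (major.minor
# comparison, so 1.78.1 counts as newer than 1.76). Exit 1 if any were found.
check_bc_versions() {
  awk -v min="$MIN_BC_VERSION" '
    function num(v, idx,   a) { split(v, a, "."); return a[idx] + 0 }
    function older(v, m) {
      return num(v, 1) < num(m, 1) || (num(v, 1) == num(m, 1) && num(v, 2) < num(m, 2))
    }
    {
      for (i = 1; i <= NF; i++) {
        # Only tokens that start with the Bouncy Castle groupId are coordinates we care about.
        if (index($i, "org.bouncycastle:") == 1) {
          n = split($i, f, ":")
          ver = f[n - 1]            # scope is the last field, version the one before it
          if (older(ver, min)) { print f[1] ":" f[2] ":" ver; bad = 1 }
        }
      }
    }
    END { if (bad) exit 1 }
  '
}

# Constructed sample tree (not real sendgrid-java output): one artifact still at 1.75.
sample_tree() {
  cat <<'EOF'
[INFO] com.example:app:jar:1.0.0
[INFO] +- com.sendgrid:sendgrid-java:jar:X.Y.Z:compile
[INFO] |  \- org.bouncycastle:bcprov-jdk18on:jar:1.75:compile
[INFO] \- org.bouncycastle:bcpkix-jdk18on:jar:1.76:compile
EOF
}

# Constructed sample tree where every Bouncy Castle artifact is at or above the minimum.
fixed_tree() {
  cat <<'EOF'
[INFO] com.example:app:jar:1.0.0
[INFO] +- com.sendgrid:sendgrid-java:jar:X.Y.Z:compile
[INFO] |  \- org.bouncycastle:bcprov-jdk18on:jar:1.76:compile
[INFO] \- org.bouncycastle:bcpkix-jdk18on:jar:1.78.1:compile
EOF
}

# Usage against a real project: mvn dependency:tree | check_bc_versions
# Demo on the constructed sample: sample_tree | check_bc_versions
```

On the constructed sample this prints `org.bouncycastle:bcprov-jdk18on:1.75` and exits 1, which is the signal to add a dependency override in your own build rather than wait for the library's next release; on the second sample it prints nothing and exits 0.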

gian1200 commented 1 year ago

Any update on this?

mrdziuban commented 1 year ago

I'm also interested in updates on this, would love to resolve this CVE in my project. Thanks in advance!

ghost commented 1 year ago

Please mitigate this vulnerability by updating Bouncy Castle @sendgrid-argo-cd @sendgrid-ci @sendgrid-github-readonly @sendgrid-jira @SendGridDX

lexek commented 1 year ago

Might make sense for maintainers to create a fresh PR for the fix.

gian1200 commented 1 year ago

The last commit on the main branch was Jan 3. Why the need for a new PR?

mrdziuban commented 1 year ago

@shrutiburman this was merged with 1.75 instead of 1.76, the latest bouncycastle version -- will there be a separate pull request to update the latest?

mrdziuban commented 1 year ago

@shrutiburman opened a PR here https://github.com/sendgrid/sendgrid-java/pull/744

shrutiburman commented 1 year ago

Oh, thanks @mrdziuban for the PR. I'll merge that once all runs are passing.

shrutiburman commented 1 year ago

Done.