-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Bouncycastle to fix Cryptographic Issues vulnerability #12412
Conversation
@abstractj I may missed something, but simply updating the dependency in Also there are test failures (for example in Quarkus), which likely need to be solved and which seems to be regression of this. |
@mposolda you didn't miss anything, on the contrary, thanks for bringing this up. I'll check the broken tests. Quarkus 2.7.5.Final is already on BC 1.70, while WildFly is on 1.69 and so it should be safe to upgrade after fixing those tests. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, missed the comments.
No worries @pedroigor and thanks for reviewing it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at test results looks like there's some real failures here:
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.asn1.bsi.BSIObjectIdentifiers
Resolves #12411