[prev in list] [next in list] [prev in thread] [next in thread]
List: hadoop-dev
Subject: [jira] [Resolved] (HADOOP-19024) Use bouncycastle jdk18 1.77
From: "Ayush Saxena (Jira)" <jira () apache ! org>
Date: 2024-03-30 14:36:00
Message-ID: JIRA.13563606.1704384299000.100339.1711809360263 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/HADOOP-19024?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Ayush Saxena resolved HADOOP-19024.
-----------------------------------
Fix Version/s: 3.5.0
Hadoop Flags: Reviewed
Resolution: Fixed
> Use bouncycastle jdk18 1.77
> ---------------------------
>
> Key: HADOOP-19024
> URL: https://issues.apache.org/jira/browse/HADOOP-19024
> Project: Hadoop Common
> Issue Type: Task
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.5.0
>
>
> They have stopped patching the JDK 1.5 jars that Hadoop uses (see \
> https://issues.apache.org/jira/browse/HADOOP-18540). The new artifacts have similar \
> names - but the names are like bcprov-jdk18on as opposed to bcprov-jdk15on. \
> CVE-2023-33201 is an example of a security issue that seems only to be fixed in the \
> JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix). \
> https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release but \
> the CVE was fixed in 1.74.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic