Skip to content

Commit

Permalink
[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-3…
Browse files Browse the repository at this point in the history
…0172, CVE-2024-30171 and CVE-2024-29857) (#13484)

* [Backport][1.3] Bump BouncyCastle to 1.76 (#10219)

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>

* [Backport][1.3] Update BouncyCastle dependencies from jdk15to18 to jdk18on (#12317)

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>

* [Backport][1.3] Bump bouncycastle from 1.77 to 1.78 (#13243)

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>

* PR#13484 Re-work

* Update BC from 1.78 to 1.78.1 with latest fixes.
* Remove incorrect jdk15to18 module replacement definitions as artifacts are still supported.
* Add release notes.
* Remove unneccessary license additions.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>

* PR#13484 Re-work

* Rename licenses from jdk18on to jdk15to18 and 1.78 to 1.78.1.
* Update SHAs for BC 1.78.1 licenses.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>

* PR#13484 Re-work

Update Changelog and remove release notes file as this will be created upon release.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>

---------

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
Co-authored-by: Andrey Pleskach <ples@aiven.io>
Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Co-authored-by: Andriy Redko <andriy.redko@aiven.io>
  • Loading branch information
4 people authored May 6, 2024
1 parent 59970f2 commit 81f1122
Show file tree
Hide file tree
Showing 8 changed files with 5 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Added
### Dependencies
- OpenJDK Update (April 2024 Patch releases), update to Eclipse Temurin 11.0.23+9 ([#13406](https://github.com/opensearch-project/OpenSearch/pull/13406))
- Upgrade BouncyCastle dependencies from 1.75 to 1.78.1 resolving [CVE-2024-30172], [CVE-2024-30171] and [CVE-2024-29857]

### Changed
### Deprecated
Expand Down
2 changes: 1 addition & 1 deletion buildSrc/version.properties
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jetty = 9.4.53.v20231009
# when updating this version, you need to ensure compatibility with:
# - plugins/ingest-attachment (transitive dependency, check the upstream POM)
# - distribution/tools/plugin-cli
bouncycastle=1.75
bouncycastle=1.78.1
# test dependencies
randomizedrunner = 2.7.1
junit = 4.13.2
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
4ec9c0125a605408da16cf8758cc75b502204cbb

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
5884ee847542641d04abfbfdeca3446d0300670b

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
83bfa8229f7127d933161aefb281e54a9ffcf9f4

0 comments on commit 81f1122

Please sign in to comment.