[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) #13484

Merged
merged 6 commits into from
May 6, 2024


@mwilso3 mwilso3 commented May 1, 2024

Description

Backporting all BouncyCastle upgrades from 1.75 to 1.78.1.

Related Issues

Resolves CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857.

Check List

  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

willyborankin and others added 3 commits May 1, 2024 15:08
Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
…k18on (opensearch-project#12317)

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 [WIP][Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 May 1, 2024
@mwilso3 mwilso3 changed the title [WIP][Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 May 1, 2024
@mwilso3 mwilso3 marked this pull request as draft May 1, 2024 05:28
@mwilso3 mwilso3 mentioned this pull request May 1, 2024
8 tasks
Contributor

github-actions bot commented May 1, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from 4ab9346 to 4819872 Compare May 1, 2024 06:00
Contributor

github-actions bot commented May 1, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch 3 times, most recently from 2faec2e to c04d0b9 Compare May 1, 2024 06:02
Contributor

github-actions bot commented May 1, 2024

Gradle Check (Jenkins) Run Completed with:

buildSrc/build.gradle (outdated review thread, resolved)
@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from d1969d3 to 7e32318 Compare May 2, 2024 05:35
* Update BC from 1.78 to 1.78.1 with latest fixes.
* Remove incorrect jdk15to18 module replacement definitions as artifacts are still supported.
* Add release notes.
* Remove unnecessary license additions.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from 7e32318 to 61b9605 Compare May 2, 2024 05:37
Contributor

github-actions bot commented May 2, 2024

Gradle Check (Jenkins) Run Completed with:

Contributor

github-actions bot commented May 2, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from 8c43d5d to 79bb137 Compare May 3, 2024 04:03
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

Author

mwilso3 commented May 3, 2024

Alrighty, build should be good - passing locally. Should be good for final review.

Post merge, how are releases co-ordinated and what's the cadence like with patch releases?

@reta @dblock @bbarani

* Rename licenses from jdk18on to jdk15to18 and 1.78 to 1.78.1.
* Update SHAs for BC 1.78.1 licenses.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from fd1a389 to 230a392 Compare May 3, 2024 04:23
@mwilso3 mwilso3 marked this pull request as ready for review May 3, 2024 04:26
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 May 3, 2024
@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 3, 2024
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

Collaborator

reta commented May 3, 2024

> Post merge, how are releases co-ordinated and what's the cadence like with patch releases?

Thanks a lot @mwilso3, please check [1] for release schedules.

[1] https://opensearch.org/releases.html

Update Changelog and remove release notes file as this will be created upon release.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@mwilso3 mwilso3 changed the title Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) [Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@mwilso3 mwilso3 changed the title [Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) [Backport 1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@mwilso3 mwilso3 changed the title [Backport 1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) [Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
Contributor

github-actions bot commented May 5, 2024

Gradle Check (Jenkins) Run Completed with:

Collaborator

@reta reta left a comment

Thanks a lot, @mwilso3!

@reta reta merged commit 81f1122 into opensearch-project:1.3 May 6, 2024
5 of 6 checks passed