[1.x] Update FIPS API libraries of Bouncy Castle (#1853) #1886

Merged 1 commit on Jan 12, 2022

@tlfeng tlfeng commented Jan 11, 2022

Description

Backport PR #1853 / commit db23f72 into 1.x branch.
Update the versions of all the remaining API libraries of org.bouncycastle, which are mainly FIPS APIs.

  • Update the version of bc-fips from 1.0.2 to 1.0.2.1 to reduce the vulnerability CVE-2020-15522
  • Update bcpg-fips from 1.0.4 to 1.0.5.1
  • Update bctls-fips from 1.0.9 to 1.0.12.2
  • Apply the unified defined version of bouncycastle to bcpkix-jdk15on, in HDFS testing fixture.

Issues Resolved

None.

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

* Update bc-fips to 1.0.2.1

Signed-off-by: Tianli Feng <ftl94@live.com>

* Update bcpg-fips to 1.0.5.1

Signed-off-by: Tianli Feng <ftl94@live.com>

* Update bctls-fips to 1.0.12.2

Signed-off-by: Tianli Feng <ftl94@live.com>

* Use the unified bouncycastle version for bcpkix-jdk15on in HDFS testing fixture

Signed-off-by: Tianli Feng <ftl94@live.com>
@tlfeng added the labels >upgrade (label used when upgrading library dependencies, e.g., Lucene), backport (PRs or issues specific to backporting features or enhancements), CVE (fixes a CVE) and v1.3.0 on Jan 11, 2022
@opensearch-ci-bot

Can one of the admins verify this patch?

@opensearch-ci-bot

✅   Gradle Check success 06b20c5
Log 1861

Reports 1861

@dblock dblock merged commit 42dbe3a into opensearch-project:1.x Jan 12, 2022
@tlfeng tlfeng deleted the 1.x-bc-fips branch January 20, 2022 05:50
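
A check for the minimum versions listed in the PR description above, as an added example that is not part of the pull request or the OpenSearch code base. It flags Bouncy Castle FIPS jars older than those versions and compares versions numerically, because a plain string comparison ranks 1.0.9 above 1.0.12.2. The jar-name pattern, the function names and the sample listing are assumptions made for illustration.

```python
import re

# Minimum versions taken from the PR description above.
MINIMUM_VERSIONS = {
    "bc-fips": "1.0.2.1",
    "bcpg-fips": "1.0.5.1",
    "bctls-fips": "1.0.12.2",
}

# Assumed naming: "<artifact>-<dotted numeric version>.jar", e.g. "bc-fips-1.0.2.1.jar".
JAR_NAME = re.compile(r"^(?P<artifact>[a-z0-9-]+?)-(?P<version>\d+(?:\.\d+)*)\.jar$")

# Constructed sample listing of a lib directory (not from a real distribution).
SAMPLE_JARS = ["bc-fips-1.0.2.jar", "bcpg-fips-1.0.5.1.jar",
               "bctls-fips-1.0.9.jar", "lucene-core-8.10.1.jar", "notes.txt"]


def parse_version(text):
    """Turn "1.0.12.2" into (1, 0, 12, 2) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def is_older(found, minimum):
    """Compare versions of different lengths by zero-padding (1.0.2 < 1.0.2.1)."""
    a, b = parse_version(found), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_jars(jar_names):
    """Return (jar, minimum) pairs for tracked artifacts below the minimum version."""
    findings = []
    for name in jar_names:
        match = JAR_NAME.match(name)
        if not match:
            continue  # not a versioned jar name
        minimum = MINIMUM_VERSIONS.get(match.group("artifact"))
        if minimum and is_older(match.group("version"), minimum):
            findings.append((name, minimum))
    return findings


if __name__ == "__main__":
    for jar, minimum in audit_jars(SAMPLE_JARS):
        print(f"{jar}: older than {minimum}")
```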