Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update BouncyCastle.Cryptography to 2.3.1 #233

Merged
merged 1 commit into from
May 17, 2024

Conversation

bdach
Copy link
Collaborator

@bdach bdach commented May 16, 2024

To address several published vulnerabilities/CVEs:

Noticed this through build warnings.

I don't believe any of these realistically impact our usage of the library but I'm not that well-versed in cryptography and I'd rather not risk using known-bad versions longer than they need to be.

To address several published vulnerabilities/CVEs:

- GHSA-8xfc-gm6g-vgpv
- GHSA-m44j-cfrm-g8qc
- GHSA-v435-xc8x-wvr9

Noticed this through build warnings.

I don't believe any of these *realistically* impact our usage of the
library but I'm not that well-versed in cryptography and I'd rather not
risk using known-bad versions longer than they need to be.
@bdach bdach requested a review from a team May 16, 2024 12:48
@smoogipoo smoogipoo merged commit a34c409 into ppy:master May 17, 2024
2 checks passed
@bdach bdach deleted the the-castle-is-too-bouncy branch May 17, 2024 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants