[JOC-1578] Update bouncycastle 1.70 to 1.75 due to 3rd-party vulnerability issue CVE-2023-33201 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.3, 2.6.0
Fix Version/s: 2.5.4, 2.6.1
Component/s: None
Labels:
None

CVE-ID:
CVE-2023-33201

Description

Current Situation

Currently JS7 releases makes use of Bouncycastle components version 1.70
A vulnerability affects this version,
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201

Impact

We rate the impact to our software as low as our implementation does not make use of the LDAP CertStore stated in the vulnerability report.

Desired Behavior

JS7 should use Bouncycastle components version 1.75 which fixes the vulnerability.

Attachments

Issue Links

affects

SET-227 SSH Job unusable due to missing bouncycastle 3rd party libraries in Agent

Released

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21 July 2023 10:28

Updated:: 08 August 2023 06:58

Resolved:: 24 July 2023 09:29