Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1578

Update bouncycastle 1.70 to 1.75 due to 3rd-party vulnerability issue CVE-2023-33201

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 2.5.3, 2.6.0
    • 2.5.4, 2.6.1
    • None
    • None
    • CVE-2023-33201

    Description

      Current Situation

      Impact

      We rate the impact to our software as low as our implementation does not make use of the LDAP CertStore stated in the vulnerability report.

      Desired Behavior

      JS7 should use Bouncycastle components version 1.75 which fixes the vulnerability.

      Attachments

        Issue Links

          Activity

            People

              sp Santiago Aucejo Petzoldt
              sp Santiago Aucejo Petzoldt
              Kanika Agrawal Kanika Agrawal
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: