[JS-1930] Update bcprov-ext-jdk15on from 1.66 to 1.68 due to 3rd party vulnerability issue CVE-2020-28052 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.9
Fix Version/s: 1.13.10
Component/s: JITL Jobs, JOE Editor
Labels:
None

CVE-ID:
CVE-2020-28052

Description

Current Situation

Currently JobScheduler components use org.bouncycastle:bcprov-jdk15on and org.bouncycastle:bcprov-ext-jdk15on version 1.66
a vulnerability affects this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28052

Desired Behavior

Due to a vulnerability Issue of older org.bouncycastle:bcprov-jdk15on and org.bouncycastle:bcprov-ext-jdk15on releases the JobScheduler components should use the current version 1.68 that fixes the issues.

Attachments

Issue Links

relates to

YADE-579 SMB - java.lang.IllegalAccessError

Released

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Divyani Rathore

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18 May 2021 13:54

Updated:: 19 January 2022 16:21

Resolved:: 18 May 2021 14:01