HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 (#5415) (#5407)
- Upgrades to v1.76, i.e. the latest version
- Replaces *-jdk15on with *-jdk18on
- Excludes *-jdk15on from everywhere else, to avoid conflicts with *-jdk18on

Signed-off-by: Duo Zhang <[email protected]>
Reviewed-by: Aman Poonia <[email protected]>
NihalJain authored Sep 20, 2023
1 parent ddb297b commit ff09667
Showing 10 changed files with 40 additions and 15 deletions.
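--- a/hbase-asyncfs/pom.xml
+++ b/hbase-asyncfs/pom.xml
@@ -75,7 +75,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>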
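--- a/hbase-common/pom.xml
+++ b/hbase-common/pom.xml
@@ -153,12 +153,12 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcpkix-jdk15on</artifactId>
+<artifactId>bcpkix-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 </dependencies>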
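--- a/hbase-endpoint/pom.xml
+++ b/hbase-endpoint/pom.xml
@@ -117,7 +117,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>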
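--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -145,7 +145,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>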
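--- a/hbase-http/pom.xml
+++ b/hbase-http/pom.xml
@@ -107,7 +107,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>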
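--- a/hbase-mapreduce/pom.xml
+++ b/hbase-mapreduce/pom.xml
@@ -237,7 +237,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 </dependencies>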
Expand Up @@ -1316,10 +1316,10 @@ under the License.
<supplement>
<project>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>bcpkix-jdk18on</artifactId>

<licenses>
<!-- bcpkix-jdk15on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
<!-- bcpkix-jdk18on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
<license>
<name>MIT License</name>
<url>http://www.opensource.org/licenses/mit-license.php</url>
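--- a/hbase-rest/pom.xml
+++ b/hbase-rest/pom.xml
@@ -231,7 +231,7 @@
 <!--Test-->
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>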
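--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -343,12 +343,12 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcpkix-jdk15on</artifactId>
+<artifactId>bcpkix-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>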
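--- a/pom.xml
+++ b/pom.xml
@@ -607,7 +607,7 @@
 <joni.version>2.1.43</joni.version>
 <jcodings.version>1.0.57</jcodings.version>
 <spy.version>2.12.2</spy.version>
-<bouncycastle.version>1.70</bouncycastle.version>
+<bouncycastle.version>1.76</bouncycastle.version>
 <skyscreamer.version>1.5.1</skyscreamer.version>
 <kerby.version>1.0.1</kerby.version>
 <commons-crypto.version>1.1.0</commons-crypto.version>
@@ -1381,7 +1381,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <version>${bouncycastle.version}</version>
 <scope>test</scope>
 </dependency>
@@ -1393,7 +1393,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcpkix-jdk15on</artifactId>
+<artifactId>bcpkix-jdk18on</artifactId>
 <version>${bouncycastle.version}</version>
 <scope>test</scope>
 </dependency>
@@ -2157,6 +2157,23 @@
 </rules>
 </configuration>
 </execution>
+<execution>
+<id>banned-bouncycastle-jdk15on</id>
+<goals>
+<goal>enforce</goal>
+</goals>
+<configuration>
+<rules>
+<bannedDependencies>
+<excludes>
+<exclude>org.bouncycastle:*-jdk15on</exclude>
+</excludes>
+<message>Use org.bouncycastle:*-jdk18on instead</message>
+<searchTransitive>true</searchTransitive>
+</bannedDependencies>
+</rules>
+</configuration>
+</execution>
 <execution>
 <id>check-aggregate-license</id>
 <goals>
@@ -4503,6 +4520,14 @@
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-reload4j</artifactId>
 </exclusion>
+<exclusion>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk15on</artifactId>
+</exclusion>
+<exclusion>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcpkix-jdk15on</artifactId>
+</exclusion>
 </exclusions>
 </dependency>
 <dependency>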
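Review bot: The new `banned-bouncycastle-jdk15on` enforcer execution bans the old coordinates by name only, so a transitive `org.bouncycastle:*-jdk18on` artifact older than the pinned `${bouncycastle.version}` would still pass the build. The visible entries pin `bcprov-jdk18on` and `bcpkix-jdk18on`, but any other Bouncy Castle artifact arriving transitively is not pinned in these hunks. Consider a second exclude with a version range next to the existing one, `<exclude>org.bouncycastle:*-jdk18on:(,${bouncycastle.version})</exclude>`, after confirming the range syntax against the enforcer plugin version in use. A short comment above the execution would also help, for example `<!-- HBASE-28089: keep *-jdk15on off the classpath; it conflicts with *-jdk18on -->`. The dependency that receives the two new exclusions in the last hunk starts outside the hunk, so which artifact they apply to cannot be checked from here.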
