From ff09667334cebf9deebaed7b0aacec5e1d95101a Mon Sep 17 00:00:00 2001
From: Nihal Jain
Date: Wed, 20 Sep 2023 21:59:28 +0530
Subject: [PATCH] HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 (#5415) (#5407)
- Upgrades to v1.76, i.e. the latest version
- Replaces *-jdk15on with *-jdk18on
- Excludes *-jdk15on from everywhere else, to avoid conflicts with *-jdk18on
Signed-off-by: Duo Zhang
Reviewed-by: Aman Poonia
---
hbase-asyncfs/pom.xml | 2 +-
hbase-common/pom.xml | 4 +--
hbase-endpoint/pom.xml | 2 +-
hbase-examples/pom.xml | 2 +-
hbase-http/pom.xml | 2 +-
hbase-mapreduce/pom.xml | 2 +-
.../main/resources/supplemental-models.xml | 4 +--
hbase-rest/pom.xml | 2 +-
hbase-server/pom.xml | 4 +--
pom.xml | 31 +++++++++++++++++--
10 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/hbase-asyncfs/pom.xml b/hbase-asyncfs/pom.xml
index dfb1fbd7b18c..a57f77e70290 100644
--- a/hbase-asyncfs/pom.xml
+++ b/hbase-asyncfs/pom.xml
@@ -75,7 +75,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test
diff --git a/hbase-common/pom.xml b/hbase-common/pom.xml
index 93f22907f6c1..4fb75a82256b 100644
--- a/hbase-common/pom.xml
+++ b/hbase-common/pom.xml
@@ -153,12 +153,12 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on test
diff --git a/hbase-endpoint/pom.xml b/hbase-endpoint/pom.xml
index a0f72912f52e..0c11e7cc188f 100644
--- a/hbase-endpoint/pom.xml
+++ b/hbase-endpoint/pom.xml
@@ -117,7 +117,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test
diff --git a/hbase-examples/pom.xml b/hbase-examples/pom.xml
index 372fff0022e8..9018dc776a75 100644
--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -145,7 +145,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test
diff --git a/hbase-http/pom.xml b/hbase-http/pom.xml
index 47f2fa92ac91..fff02910dde5 100644
--- a/hbase-http/pom.xml
+++ b/hbase-http/pom.xml
@@ -107,7 +107,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test 
diff --git a/hbase-mapreduce/pom.xml b/hbase-mapreduce/pom.xml
index 5c8063070532..86921d713b54 100644
--- a/hbase-mapreduce/pom.xml
+++ b/hbase-mapreduce/pom.xml
@@ -237,7 +237,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test
diff --git a/hbase-resource-bundle/src/main/resources/supplemental-models.xml b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
index 586bf36cc2d0..8e2ebd0ece8b 100644
--- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml
+++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
@@ -1316,10 +1316,10 @@ under the License. org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on - + MIT License http://www.opensource.org/licenses/mit-license.php
diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml
index d36eef908f2d..44612ebe55f4 100644
--- a/hbase-rest/pom.xml
+++ b/hbase-rest/pom.xml
@@ -231,7 +231,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test
diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml
index 61692a6ebfab..f27c41125363 100644
--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -343,12 +343,12 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on test
diff --git a/pom.xml b/pom.xml
index ef95d070f67a..647efdab561d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -607,7 +607,7 @@ 2.1.43 1.0.57 2.12.2 - 1.70 + 1.76 1.5.1 1.0.1 1.1.0
@@ -1381,7 +1381,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on ${bouncycastle.version} test
@@ -1393,7 +1393,7 @@ org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on ${bouncycastle.version} test
@@ -2157,6 +2157,23 @@ + + banned-bouncycastle-jdk15on + + enforce + + + + + + org.bouncycastle:*-jdk15on + + Use org.bouncycastle:*-jdk18on instead + true + + + + check-aggregate-license
@@ -4503,6 +4520,14 @@ org.slf4j slf4j-reload4j + + org.bouncycastle + bcprov-jdk15on + + + org.bouncycastle + bcpkix-jdk15on +
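Review bot: The `banned-bouncycastle-jdk15on` enforcer execution added in the root pom.xml hunk at `@@ -2157,6 +2157,23 @@` bans by artifact name only (`org.bouncycastle:*-jdk15on`), and its failure message `Use org.bouncycastle:*-jdk18on instead` does not record why the ban exists. The XML tags are not visible in this view, so assuming the pattern sits in an `<exclude>` of a banned-dependencies rule and the text in its `<message>`, I would put the reason in the message, e.g. `<message>Use org.bouncycastle:*-jdk18on instead; see HBASE-28089 (CVE-2023-33201)</message>`, so a contributor who hits the failure later does not simply add an exemption. A name-based ban also says nothing about the version that is finally resolved, and other BouncyCastle artifact families such as `*-jdk15to18` do not match this pattern. It is worth confirming with `mvn dependency:tree -Dincludes=org.bouncycastle` on the assembly and shaded modules that no older BouncyCastle jar still arrives transitively at runtime scope, since the coordinates changed in this commit are all `test` scoped.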