From ac3c659aefead3f2ff422977f5c2e0cf940cd678 Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@users.noreply.github.com>
Date: Mon, 3 Jun 2024 19:49:02 +0300
Subject: [PATCH] [fix][sec] Upgrade Bouncycastle libraries to address CVEs
 (#22826)

(cherry picked from commit 05d98f7b07b6e3ac249845f042bfa937d1744f42)
---
 bouncy-castle/bc/LICENSE                         | 5 ++---
 distribution/server/src/assemble/LICENSE.bin.txt | 7 +++----
 distribution/shell/src/assemble/LICENSE.bin.txt  | 7 +++----
 pom.xml                                          | 6 +++---
 4 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/bouncy-castle/bc/LICENSE b/bouncy-castle/bc/LICENSE
index 14f4e76e921d3..c95d33d3d1ffb 100644
--- a/bouncy-castle/bc/LICENSE
+++ b/bouncy-castle/bc/LICENSE
@@ -205,6 +205,5 @@
 This projects includes binary packages with the following licenses:
 Bouncy Castle License
  * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt
-    - org.bouncycastle-bcpkix-jdk18on-1.78.jar
-    - org.bouncycastle-bcprov-jdk18on-1.78.jar
-    - org.bouncycastle-bcprov-ext-jdk18on-1.78.jar
+    - org.bouncycastle-bcpkix-jdk18on-1.78.1.jar
+    - org.bouncycastle-bcprov-jdk18on-1.78.1.jar
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 84b93647d0ec4..a1c7478837697 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -617,10 +617,9 @@ Creative Commons Attribution License
 
 Bouncy Castle License
  * Bouncy Castle -- ../licenses/LICENSE-bouncycastle.txt
-    - org.bouncycastle-bcpkix-jdk18on-1.78.jar
-    - org.bouncycastle-bcprov-ext-jdk18on-1.78.jar
-    - org.bouncycastle-bcprov-jdk18on-1.78.jar
-    - org.bouncycastle-bcutil-jdk18on-1.78.jar
+    - org.bouncycastle-bcpkix-jdk18on-1.78.1.jar
+    - org.bouncycastle-bcprov-jdk18on-1.78.1.jar
+    - org.bouncycastle-bcutil-jdk18on-1.78.1.jar
 
 ------------------------
 
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt
index be1f7db63134c..d3e58b999c5f2 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -474,10 +474,9 @@ Creative Commons Attribution License
 
 Bouncy Castle License
  * Bouncy Castle -- ../licenses/LICENSE-bouncycastle.txt
-    - bcpkix-jdk18on-1.78.jar
-    - bcprov-ext-jdk18on-1.78.jar
-    - bcprov-jdk18on-1.78.jar
-    - bcutil-jdk18on-1.78.jar
+    - bcpkix-jdk18on-1.78.1.jar
+    - bcprov-jdk18on-1.78.1.jar
+    - bcutil-jdk18on-1.78.1.jar
 
 ------------------------
 
diff --git a/pom.xml b/pom.xml
index a9eeb6ad40039..2fd23b59b4935 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,9 +157,9 @@ flexible messaging model and an intuitive client API.</description>
     <slf4j.version>2.0.13</slf4j.version>
     <commons.collections4.version>4.4</commons.collections4.version>
     <log4j2.version>2.23.1</log4j2.version>
-    <bouncycastle.version>1.78</bouncycastle.version>
-    <bouncycastle.bcpkix-fips.version>1.0.6</bouncycastle.bcpkix-fips.version>
-    <bouncycastle.bc-fips.version>1.0.2.4</bouncycastle.bc-fips.version>
+    <bouncycastle.version>1.78.1</bouncycastle.version>
+    <bouncycastle.bcpkix-fips.version>1.0.7</bouncycastle.bcpkix-fips.version>
+    <bouncycastle.bc-fips.version>1.0.2.5</bouncycastle.bc-fips.version>
     <jackson.version>2.14.2</jackson.version>
     <reflections.version>0.10.2</reflections.version>
     <swagger.version>1.6.2</swagger.version>