From fd4df2ccd55be9be76e8e6497e6e0597b51a31d8 Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Mon, 3 Jun 2024 19:49:02 +0300 Subject: [PATCH] [fix][sec] Upgrade Bouncycastle libraries to address CVEs (#22826) (cherry picked from commit 05d98f7b07b6e3ac249845f042bfa937d1744f42) --- bouncy-castle/bc/LICENSE | 5 ++--- distribution/server/src/assemble/LICENSE.bin.txt | 7 +++---- distribution/shell/src/assemble/LICENSE.bin.txt | 7 +++---- pom.xml | 6 +++--- pulsar-sql/presto-distribution/LICENSE | 7 +++---- 5 files changed, 14 insertions(+), 18 deletions(-) diff --git a/bouncy-castle/bc/LICENSE b/bouncy-castle/bc/LICENSE index 14f4e76e921d3..c95d33d3d1ffb 100644 --- a/bouncy-castle/bc/LICENSE +++ b/bouncy-castle/bc/LICENSE @@ -205,6 +205,5 @@ This projects includes binary packages with the following licenses: Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt - - org.bouncycastle-bcpkix-jdk18on-1.78.jar - - org.bouncycastle-bcprov-jdk18on-1.78.jar - - org.bouncycastle-bcprov-ext-jdk18on-1.78.jar + - org.bouncycastle-bcpkix-jdk18on-1.78.1.jar + - org.bouncycastle-bcprov-jdk18on-1.78.1.jar diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 7fea98875474b..e639fd63f64a9 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -580,10 +580,9 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- ../licenses/LICENSE-bouncycastle.txt - - org.bouncycastle-bcpkix-jdk18on-1.78.jar - - org.bouncycastle-bcprov-ext-jdk18on-1.78.jar - - org.bouncycastle-bcprov-jdk18on-1.78.jar - - org.bouncycastle-bcutil-jdk18on-1.78.jar + - org.bouncycastle-bcpkix-jdk18on-1.78.1.jar + - org.bouncycastle-bcprov-jdk18on-1.78.1.jar + - org.bouncycastle-bcutil-jdk18on-1.78.1.jar ------------------------ diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index 5dec583a0f57a..03c2dadf800b9 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -471,10 +471,9 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- ../licenses/LICENSE-bouncycastle.txt - - bcpkix-jdk18on-1.78.jar - - bcprov-ext-jdk18on-1.78.jar - - bcprov-jdk18on-1.78.jar - - bcutil-jdk18on-1.78.jar + - bcpkix-jdk18on-1.78.1.jar + - bcprov-jdk18on-1.78.1.jar + - bcutil-jdk18on-1.78.1.jar ------------------------ diff --git a/pom.xml b/pom.xml index f57d190b2fe25..51b755d724b33 100644 --- a/pom.xml +++ b/pom.xml @@ -155,9 +155,9 @@ flexible messaging model and an intuitive client API. 1.7.32 4.4 2.18.0 - 1.78 - 1.0.6 - 1.0.2.4 + 1.78.1 + 1.0.7 + 1.0.2.5 2.14.2 0.10.2 1.6.10 diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 1f0512b410c5a..c32be010b782d 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -591,7 +591,6 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt - - bcpkix-jdk18on-1.78.jar - - bcprov-ext-jdk18on-1.78.jar - - bcprov-jdk18on-1.78.jar - - bcutil-jdk18on-1.78.jar + - bcpkix-jdk18on-1.78.1.jar + - bcprov-jdk18on-1.78.1.jar + - bcutil-jdk18on-1.78.1.jar