Bump BouncyCastle from jdk15on to jdk15to18 (opensearch-project#8247)
jdk15on is not supported anymore since base development was moved from jdk15on to jdk18on.

jdk15to18 contains fixes for:
- CVE-2023-33201
- CVE-2022-45146

Signed-off-by: Andrey Pleskach <[email protected]>
willyborankin authored Jun 28, 2023
1 parent 9aeb156 commit 9856cb7
Showing 22 changed files with 15 additions and 13 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -36,6 +36,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- OpenJDK Update (April 2023 Patch releases) ([#7344](https://github.com/opensearch-project/OpenSearch/pull/7344)
- Bump `com.google.http-client:google-http-client:1.43.2` from 1.42.0 to 1.43.2 ([7928](https://github.com/opensearch-project/OpenSearch/pull/7928)))
- Add Opentelemetry dependencies ([#7543](https://github.com/opensearch-project/OpenSearch/issues/7543))
- Bump `org.bouncycastle:bcprov-jdk15on` to `org.bouncycastle:bcprov-jdk15to18` version 1.75 ([8247](https://github.com/opensearch-project/OpenSearch/pull/8247))
- Bump `org.bouncycastle:bcmail-jdk15on` to `org.bouncycastle:bcmail-jdk15to18` version 1.75 ([8247](https://github.com/opensearch-project/OpenSearch/pull/8247))
- Bump `org.bouncycastle:bcpkix-jdk15on` to `org.bouncycastle:bcpkix-jdk15to18` version 1.75 ([8247](https://github.com/opensearch-project/OpenSearch/pull/8247))



### Changed
- [CCR] Add getHistoryOperationsFromTranslog method to fetch the history snapshot from translogs ([#3948](https://github.com/opensearch-project/OpenSearch/pull/3948))
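Review bot: The new BouncyCastle entries are followed by two added blank lines on top of the existing one before `### Changed`; drop the extra two so the section spacing stays as it was. The link text `[8247]` is also missing the `#` that entries such as `[#7543]` carry. Since the commit message gives CVE-2023-33201 and CVE-2022-45146 as what the new artifacts fix, consider naming them in the entry so the security relevance is visible to anyone reading the changelog.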
2 changes: 1 addition & 1 deletion buildSrc/version.properties
Expand Up @@ -48,7 +48,7 @@ reactivestreams = 1.0.4
# when updating this version, you need to ensure compatibility with:
# - plugins/ingest-attachment (transitive dependency, check the upstream POM)
# - distribution/tools/plugin-cli
bouncycastle=1.70
bouncycastle=1.75
# test dependencies
randomizedrunner = 2.7.1
junit = 4.13.2
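Review bot: The comment directly above `bouncycastle` asks whoever updates the version to ensure compatibility with plugins/ingest-attachment (checking the upstream POM) and distribution/tools/plugin-cli, and the commit message does not say that either check was made for 1.75. Please record the result in the PR description. Because this commit also changes the artifact suffix from jdk15on to jdk15to18, it would help to extend the comment so the next update checks the suffix used upstream as well as the version number.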
2 changes: 1 addition & 1 deletion plugins/identity-shiro/build.gradle
Expand Up @@ -28,7 +28,7 @@ dependencies {

implementation 'org.passay:passay:1.6.3'

implementation "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
implementation "org.bouncycastle:bcprov-jdk15to18:${versions.bouncycastle}"

testImplementation project(path: ':modules:transport-netty4') // for http
testImplementation project(path: ':plugins:transport-nio') // for http

This file was deleted.

@@ -0,0 +1 @@
df22e1b6a9f6b218913f5b68dd16641344397fe0
6 changes: 3 additions & 3 deletions plugins/ingest-attachment/build.gradle
Expand Up @@ -71,9 +71,9 @@ dependencies {
api "org.apache.pdfbox:fontbox:${versions.pdfbox}"
api "org.apache.pdfbox:jempbox:1.8.17"
api "commons-logging:commons-logging:${versions.commonslogging}"
api "org.bouncycastle:bcmail-jdk15on:${versions.bouncycastle}"
api "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
api "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
api "org.bouncycastle:bcmail-jdk15to18:${versions.bouncycastle}"
api "org.bouncycastle:bcprov-jdk15to18:${versions.bouncycastle}"
api "org.bouncycastle:bcpkix-jdk15to18:${versions.bouncycastle}"
// OpenOffice
api "org.apache.poi:poi-ooxml:${versions.poi}"
api "org.apache.poi:poi:${versions.poi}"
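Review bot: Renaming the three `api` coordinates from `-jdk15on` to `-jdk15to18` does not by itself keep the old artifacts off the classpath; the note in buildSrc/version.properties describes BouncyCastle in this plugin as a transitive dependency of an upstream POM. If an upstream library still declares `bcprov-jdk15on`, both jars would be present with the same `org.bouncycastle` packages and the unpatched classes could be the ones loaded. Add an exclude or a resolution check for the `org.bouncycastle` `-jdk15on` artifacts in this build file, or confirm in the PR that this plugin's dependencies are resolved non-transitively.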

This file was deleted.

@@ -0,0 +1 @@
b316bcd094e3917b1ece93a6edbab93f8315fb3b

This file was deleted.

@@ -0,0 +1 @@
f16e5252ad7a46d5eaf255231b0a5da307599082

This file was deleted.

@@ -0,0 +1 @@
df22e1b6a9f6b218913f5b68dd16641344397fe0
Expand Up @@ -35,9 +35,6 @@ grant {
// needed to apply additional sandboxing to tika parsing
permission java.security.SecurityPermission "createAccessControlContext";

// TODO: fix PDFBox not to actually install bouncy castle like this
permission java.security.SecurityPermission "putProviderProperty.BC";
permission java.security.SecurityPermission "insertProvider";
// TODO: fix POI XWPF to not do this: https://bz.apache.org/bugzilla/show_bug.cgi?id=58597
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// needed by xmlbeans, as part of POI for MS xml docs
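Review bot: Removing the `putProviderProperty.BC` and `insertProvider` grants is not mentioned in the commit message or the CHANGELOG entries, and the deleted TODO says PDFBox installs BouncyCastle as a provider at runtime. Dropping the grants is the right direction for least privilege, but if PDFBox still makes that call the failure will only surface as a security exception when a document that needs the provider is parsed. Please explain why the grants are no longer needed and point to a test that parses an encrypted PDF with this policy in effect.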
2 changes: 1 addition & 1 deletion test/fixtures/hdfs-fixture/build.gradle
Expand Up @@ -51,7 +51,7 @@ dependencies {
api "org.apache.logging.log4j:log4j-core:${versions.log4j}"
api "io.netty:netty-all:${versions.netty}"
api 'com.google.code.gson:gson:2.10.1'
api "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
api "org.bouncycastle:bcpkix-jdk15to18:${versions.bouncycastle}"
api "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:${versions.jackson}"
api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
api "com.fasterxml.woodstox:woodstox-core:${versions.woodstox}"