Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update BouncyCastle to address CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857 #4454

Closed

Conversation

jaguilar-atl
Copy link

Description

Upgrading BouncyCastle from 1.75 to 1.78.1 to address potential vulnerabilities.

A similar change was made to the OpenSearch core repo here.
opensearch-project/OpenSearch#13484

Issues Resolved

This will address the following potential vulnerabilities.
https://www.cve.org/CVERecord?id=CVE-2024-30172
https://www.cve.org/CVERecord?id=CVE-2024-30171
https://www.cve.org/CVERecord?id=CVE-2024-29857

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@willyborankin
Copy link
Collaborator

There is an open PR #4437 with the same version

@jaguilar-atl
Copy link
Author

There is an open PR #4437 with the same version

Oh right, I missed that! I'm happy to close this one then and just wait for that other PR to go through.

Thanks for looking into it @willyborankin !

@jaguilar-atl
Copy link
Author

Closing this as the same version bump is already being addressed in #4437

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants