Update Bouncy Castle to a near recent version with which compilation … #216

Merged: 3 commits, Dec 10, 2024


urwithsumit

Recent Veracode scan gave vulnerabilities in the transitive dependency for bouncy castle. Updating the jar to a recent version.
Vulnerabilities - Public Data

| CVE | Risk | Type | Component |
| --- | --- | --- | --- |
| CVE-2024-30172 | High Risk | Denial Of Service (DoS) | Bouncy Castle Provider 1.69 |
| CVE-2023-33201 | Medium Risk | LDAP Injection | Bouncy Castle Provider 1.69 |
| CVE-2024-29857 | Medium Risk | Denial Of Service (DoS) | Bouncy Castle Provider 1.69 |
| CVE-2024-30171 | Medium Risk | Observable Discrepancy | Bouncy Castle Provider 1.69 |
| CVE-2023-33202 | Medium Risk | Denial Of Service (DoS) | Bouncy Castle Provider 1.69 |

sumit_kumar and others added 2 commits December 9, 2024 18:05
…and test cases are passing. Bouncy castle 1.69 version was reported for vulnerabilities in the Veracode scans.
@urwithsumit
Author

@eed3si9n Seems the windows-latest check has hit a connection timeout. Does it get auto retried?

@eed3si9n
Member

I retried earlier, but let me try again.

@eed3si9n eed3si9n merged commit 1a1ec7c into sbt:develop Dec 10, 2024
5 checks passed
@urwithsumit
Author

urwithsumit commented Dec 10, 2024

@eed3si9n Thanks for merging it and for releasing the new version.
I just ran a scan for my app, and it came clean for the bouncy castle.
