chore: updates bouncy castle to 1.75 (latest 1.7x) #741

Merged
merged 2 commits into from
Nov 8, 2023


kebeda
Contributor

@kebeda kebeda commented Jun 21, 2023

@kebeda kebeda changed the title 📦️ chore(deps): updates bouncy castle to 1.75 (latest 1.7x) chore: updates bouncy castle to 1.75 (latest 1.7x) Jun 21, 2023
@kebeda kebeda closed this Jun 22, 2023
@kebeda kebeda deleted the fix/CVE-2023-33201 branch June 22, 2023 13:05
@kebeda kebeda restored the fix/CVE-2023-33201 branch June 22, 2023 13:07
@kebeda kebeda reopened this Jun 22, 2023
@lexek

lexek commented Jul 3, 2023

@thinkingserious @twilio-dx can someone look into this?

@ghost

ghost commented Sep 29, 2023

Please mitigate this vulnerability by updating Bouncy Castle
@childish-sambino @twilio-dx @twilio-taylorferguson @twilio-ci

@snesm

snesm commented Sep 29, 2023

Latest is now 1.76 which fixes an additional vulnerability.

<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.75</version>
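
Review bot: The artifactId on this dependency moves from bcprov-jdk15on to bcprov-jdk18on in the same change that bumps the version from 1.70 to 1.75, but the PR title only mentions the version. Because the Maven coordinates change, downstream builds that exclude or pin bcprov-jdk15on by name will no longer match and can end up with both jars on the classpath. Call the rename out in the changelog, and confirm the project's minimum supported Java version is compatible with the jdk18on artifact.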

Suggested change
<version>1.75</version>
<version>1.76</version>


@rakatyal @shrutiburman please commit this change and merge this PR to fix the CVE vulnerability


@claudiachua as well

@gian1200

Any update on this?

@mrdziuban
Contributor

I'm also interested in updates on this, would love to resolve this CVE in my project. Thanks in advance!

@ghost

ghost commented Oct 16, 2023

Please mitigate this vulnerability by updating Bouncy Castle
@sendgrid-argo-cd @sendgrid-ci @sendgrid-github-readonly @sendgrid-jira @SendGridDX

@lexek

lexek commented Oct 19, 2023

Might make sense for maintainers to create a fresh PR for fix

@gian1200

The last commit on main branch was Jan 3. Why the need for a new PR?

@shrutiburman shrutiburman merged commit d4d332f into sendgrid:main Nov 8, 2023
5 checks passed
@mrdziuban
Contributor

@shrutiburman this was merged with 1.75 instead of 1.76, the latest bouncycastle version -- will there be a separate pull request to update the latest?

@mrdziuban
Contributor

@shrutiburman opened a PR here #744

@shrutiburman
Contributor

Oh, thanks @mrdziuban for the PR. I'll merge that once all runs are passing.

@shrutiburman
Contributor

Done.


6 participants