Skip to content

HDDS-10194. Upgrade Bouncy Castle to 1.77 #6077

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adoroszlai merged 2 commits into from
Jan 30, 2024
Merged

HDDS-10194. Upgrade Bouncy Castle to 1.77 #6077

adoroszlai merged 2 commits into from
Jan 30, 2024

Conversation

@adoroszlai
Copy link
Contributor

@adoroszlai adoroszlai commented Jan 23, 2024
edited
Loading

What changes were proposed in this pull request?

Upgrade Bouncy Castle to 1.77 (current latest release). Dependabot would not upgrade it due to a packaging change in 1.71.

1.74 fixes CVE-2023-33201, which does not affect Ozone since we don't use LDAP.

https://bouncycastle.org/latest_releases.html

https://issues.apache.org/jira/browse/HDDS-10194

How was this patch tested?

CI:
https://github.com/adoroszlai/ozone/actions/runs/7630191546

@adoroszlai adoroszlai added the dependencies Pull requests that update a dependency file label Jan 23, 2024
@adoroszlai adoroszlai self-assigned this Jan 23, 2024
@Galsza
Copy link
Contributor

Galsza commented Jan 27, 2024

Thank you Attila for the patch. Looking good to me.

It's a bit funny that the official BC license says 2023 still

@adoroszlai
Copy link
Contributor Author

adoroszlai commented Jan 29, 2024

@ChenSammi @fapifta please review

ChenSammi
ChenSammi approved these changes Jan 30, 2024
View reviewed changes
Copy link
Contributor

@ChenSammi ChenSammi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @adoroszlai .

@adoroszlai adoroszlai merged commit 86bbdfc into apache:master Jan 30, 2024
@adoroszlai adoroszlai deleted the HDDS-10194 branch January 30, 2024 06:51
@adoroszlai
Copy link
Contributor Author

adoroszlai commented Jan 30, 2024

Thanks @ChenSammi, @Galsza for the review.

@adoroszlai
Copy link
Contributor Author

adoroszlai commented Jan 30, 2024

It's a bit funny that the official BC license says 2023 still

Release: 1.77
Date:    2023, November 13th

adoroszlai added a commit to adoroszlai/ozone that referenced this pull request Feb 21, 2024
@adoroszlai
HDDS-10194. Upgrade Bouncy Castle to 1.77 (apache#6077)
8d911e7 
(cherry picked from commit 86bbdfc)
adoroszlai added a commit to adoroszlai/ozone that referenced this pull request Feb 21, 2024
@adoroszlai
HDDS-10194. Upgrade Bouncy Castle to 1.77 (apache#6077)
cda1ab2 
(cherry picked from commit 86bbdfc)
@adoroszlai adoroszlai mentioned this pull request Feb 22, 2024
Merged
jojochuang added a commit to jojochuang/ozone that referenced this pull request Feb 28, 2024
@jojochuang
Revert "HDDS-10194. Upgrade Bouncy Castle to 1.77 (apache#6077)"
a03be64 
This reverts commit 86bbdfc.
jojochuang added a commit to jojochuang/ozone that referenced this pull request Oct 3, 2024
@jojochuang
Revert "HDDS-10194. Upgrade Bouncy Castle to 1.77 (apache#6077)"
beb80d3 
This reverts commit 86bbdfc.

 Conflicts:
	hadoop-hdds/common/pom.xml
	hadoop-ozone/dist/src/main/license/jar-report.txt
	pom.xml

Change-Id: Ia90986b95332c3eef2152959603992054a9a2a95
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChenSammi ChenSammi ChenSammi approved these changes

@fapifta fapifta Awaiting requested review from fapifta

Assignees

@adoroszlai adoroszlai

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adoroszlai @Galsza @ChenSammi