[jboss-jira] [JBoss JIRA] (WFLY-12662) Update BouncyCastle from 1.60 to 1.64
Brian Stansberry (Jira)
issues at jboss.org
Tue Nov 5 23:23:00 EST 2019
[ https://issues.jboss.org/browse/WFLY-12662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry resolved WFLY-12662.
-------------------------------------
Resolution: Won't Do
We can't do this, BC 1.64 doesn't work properly with JDK 13:
https://github.com/bcgit/bc-java/issues/620
Fixing CVE-2019-17359 was the primary motivation for going to 1.64, but that CVE was for a problem introduced in 1.63, so WildFly's use of 1.60 meant we weren't affected.
I filed a separate JIRA to move to 1.62, which doesn't have the JDK 13 problem or the CVE. Since we've already gone past 1.60 I don't see a good reason to go all the way back.
> Update BouncyCastle from 1.60 to 1.64
> -------------------------------------
>
> Key: WFLY-12662
> URL: https://issues.jboss.org/browse/WFLY-12662
> Project: WildFly
> Issue Type: Component Upgrade
> Reporter: Rostislav Svoboda
> Assignee: Rostislav Svoboda
> Priority: Major
> Fix For: 19.0.0.Beta1
>
>
> Update BouncyCastle
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list