[jboss-jira] [JBoss JIRA] (WFLY-12720) [18.0.1] Update BouncyCastle from 1.60 to 1.64
Brian Stansberry (Jira)
issues at jboss.org
Mon Oct 28 16:52:00 EDT 2019
[ https://issues.jboss.org/browse/WFLY-12720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13805197#comment-13805197 ]
Brian Stansberry commented on WFLY-12720:
-----------------------------------------
https://nvd.nist.gov/vuln/detail/CVE-2019-17359 was a driver for this upgrade, but it actually didn't affect WildFly 18 as we were on 1.60 and the flaw was introduced in 1.63.
We already upgraded master to 1.64 anyway, and I see no reason to roll the back. I'll have to give some thought to 18.0.1 though as we're generally quite conservative about changes in micros, and this CVE was the driver for making that change.
> [18.0.1] Update BouncyCastle from 1.60 to 1.64
> ----------------------------------------------
>
> Key: WFLY-12720
> URL: https://issues.jboss.org/browse/WFLY-12720
> Project: WildFly
> Issue Type: Task
> Reporter: Rostislav Svoboda
> Assignee: Brian Stansberry
> Priority: Major
> Fix For: 18.0.1.Final
>
>
> Update BouncyCastle
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list