From b80faa47382620642411c216d09629cf309a0b33 Mon Sep 17 00:00:00 2001
From: Cheng Pan
Date: Wed, 13 Mar 2024 14:00:12 +0800
Subject: [PATCH] [KYUUBI #6177] Bump BouncyCastle from 1.67 to 1.77
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# :mag: Description
## Issue References 🔗

They have stopped patching the JDK 1.5 jars that Hadoop uses (see [HADOOP-18540](https://issues.apache.org/jira/browse/HADOOP-18540)).

The new artifacts have similar names - but the names are like bcprov-jdk18on as opposed to bcprov-jdk15on.

CVE-2023-33201 is an example of a security issue that seems only to be fixed in the JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix).

https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release but the CVE was fixed in 1.74.

To be clear, Kyuubi only uses BouncyCastle for testing, the CVE does not affect Kyuubi distribution.

## Describe Your Solution 🔧

Bump BouncyCastle from 1.67 to 1.77, and change the artifactId from `*-jdk15on` to `*jdk18on`.

## Types of changes :bookmark:

- [ ] Bugfix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)

## Test Plan 🧪

Pass GA.

---

# Checklist 📝

- [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html)

**Be nice. Be informative.**

Closes #6177 from pan3793/bouncycastle.

Closes #6177

8595b98c1 [Cheng Pan] Bump BouncyCastle from 1.67 to 1.77
b9e7123f6 [Cheng Pan] Bump bouncycastle from 1.67 to 1.77

Authored-by: Cheng Pan
Signed-off-by: Cheng Pan
---
 externals/kyuubi-flink-sql-engine/pom.xml | 4 ++--
 integration-tests/kyuubi-flink-it/pom.xml | 4 ++--
 integration-tests/kyuubi-hive-it/pom.xml | 4 ++--
 kyuubi-server/pom.xml | 4 ++--
 pom.xml | 11 ++++++++---
 5 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/externals/kyuubi-flink-sql-engine/pom.xml b/externals/kyuubi-flink-sql-engine/pom.xml index d01f05fed..6bf367d76 100644 --- a/externals/kyuubi-flink-sql-engine/pom.xml +++ b/externals/kyuubi-flink-sql-engine/pom.xml @@ -148,13 +148,13 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on test diff --git a/integration-tests/kyuubi-flink-it/pom.xml b/integration-tests/kyuubi-flink-it/pom.xml index 15699be1d..5d78492bf 100644 --- a/integration-tests/kyuubi-flink-it/pom.xml +++ b/integration-tests/kyuubi-flink-it/pom.xml @@ -88,13 +88,13 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on test diff --git a/integration-tests/kyuubi-hive-it/pom.xml b/integration-tests/kyuubi-hive-it/pom.xml index cdd9fa4d9..3f7069a70 100644 --- a/integration-tests/kyuubi-hive-it/pom.xml +++ b/integration-tests/kyuubi-hive-it/pom.xml @@ -78,13 +78,13 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on test diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml index 50cf9a857..e7d4faa11 100644 --- a/kyuubi-server/pom.xml +++ b/kyuubi-server/pom.xml @@ -296,13 +296,13 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on test org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on test diff --git a/pom.xml b/pom.xml index 3dc9d2e57..72c4617de 100644 --- a/pom.xml +++ b/pom.xml @@ -125,7 +125,7 @@ 4.3.4 https://archive.apache.org/dist 2.3.0 - 1.67 + 1.77 4.2.23 1.5.0 1.15 @@ -1021,6 +1021,11 @@ junit junit + + + org.bouncycastle + bcprov-jdk15on + @@ -1149,13 +1154,13 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on ${bouncycastle.version} org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on ${bouncycastle.version}
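
Review bot: in the root pom.xml hunk at @@ -1021,6 +1021,11 @@, the entry added after junit names only org.bouncycastle:bcprov-jdk15on and has no comment explaining it. If the dependency it is attached to also brings in bcpkix-jdk15on, that jar would stay on the classpath next to bcpkix-jdk18on with overlapping org.bouncycastle packages. Either add the matching bcpkix-jdk15on entry, or add a one-line XML comment stating which dependency pulls bcprov-jdk15on and why only that artifact needs to be excluded.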
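
Review bot: the four module pom.xml hunks (kyuubi-flink-sql-engine, kyuubi-flink-it, kyuubi-hive-it, kyuubi-server) rename only the direct test-scoped artifacts, and because bcprov-jdk18on and bcpkix-jdk18on are different artifactIds from the jdk15on ones, Maven's version mediation will not evict a transitive jdk15on copy in their favour. Please confirm with mvn dependency:tree -Dincludes=org.bouncycastle in each of these modules that no jdk15on jar remains on the test classpath at 1.67 or any other version, and consider a maven-enforcer-plugin bannedDependencies rule for the jdk15on BouncyCastle artifacts so the old coordinates cannot return through a later dependency change.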