b80faa4738
# 🔍 Description ## Issue References 🔗 They have stopped patching the JDK 1.5 jars that Hadoop uses (see [HADOOP-18540](https://issues.apache.org/jira/browse/HADOOP-18540)). The new artifacts have similar names - but the names are like bcprov-jdk18on as opposed to bcprov-jdk15on. CVE-2023-33201 is an example of a security issue that seems only to be fixed in the JDK 1.8 artifacts (ie no JDK 1.5 jar has the fix). https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current release but the CVE was fixed in 1.74. To be clear, Kyuubi only uses BouncyCastle for testing, the CVE does not affect Kyuubi distribution. ## Describe Your Solution 🔧 Bump BouncyCastle from 1.67 to 1.77, and change the artifactId from `*-jdk15on` to `*jdk18on`. ## Types of changes 🔖 - [ ] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 Pass GA. --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes #6177 from pan3793/bouncycastle. Closes #6177 8595b98c1 [Cheng Pan] Bump BouncyCastle from 1.67 to 1.77 b9e7123f6 [Cheng Pan] Bump bouncycastle from 1.67 to 1.77 Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: Cheng Pan <chengpan@apache.org> |
||
|---|---|---|
| .. | ||
| kyuubi-flink-it | ||
| kyuubi-gluten-it | ||
| kyuubi-hive-it | ||
| kyuubi-jdbc-it | ||
| kyuubi-kubernetes-it | ||
| kyuubi-trino-it | ||
| kyuubi-zookeeper-it | ||
| pom.xml | ||