Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-17563

Update Bouncy Castle to 1.68 or later

    XMLWordPrintableJSON

Details

    • Incompatible change
    • bouncy castle 1.68+ is a multirelease JAR containing java classes compiled for different target JREs. older versions of asm.jar and maven shade plugin may have problems with these. fix: upgrade the dependencies

    Description

      Bouncy Castle 1.60 has Hash Collision Vulnerability. Let's update to 1.68.

      Bouncy Castle 1.60 has the following vulnerabilities. Let's update to 1.68.

      for anyone backporting this, note that recent bouncy castle jars are incompatible with older versions of asm.jar, and so older versions of spark.

      Attachments

        Issue Links

          is blocked by

          Improvement - An improvement or enhancement to an existing feature or task. SPARK-29729 Upgrade ASM to 7.2

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-17898 Upgrade BouncyCastle to 1.69

          • Major - Major loss of function.
          • Resolved
          is related to

          Sub-task - The sub-task of the issue SPARK-41392 Add `bouncy-castle` test dependencies to `sql/core` module for Hadoop 3.4.0

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-26063 Upgrade Apache parent POM to version 25

          • Major - Major loss of function.
          • Open
          relates to

          Bug - A problem which impairs or prevents the functions of the product. BIGTOP-3926 Fix build failure of Hive against Hadoop 3.3.5

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #2740

          Web Link GitHub Pull Request #3055

          Web Link GitHub Pull Request #3405

          Web Link GitHub Pull Request #5015

          Activity

            People

              pj.fanning PJ Fanning
              tasanuma Takanobu Asanuma
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 3h
                  3h