We're updating the issue view to help you get more done. 

Update Bouncy Castle to 1.60

Description

Requested that Bouncy Castle be updated to 1.55 [now 1.59] release.

https://bouncycastle.org/releasenotes.html

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Neustradamus
November 27, 2017, 5:08 PM

Please update Bouncy Castle (1.58 at the date): https://bouncycastle.org/latest_releases.html

Thanks in advance.

Neustradamus
March 16, 2018, 11:28 AM

Please update Bouncy Castle (1.59 at the date): https://bouncycastle.org/latest_releases.html

Thanks in advance.

Daryl Herzmann
April 18, 2018, 6:11 PM

We are now at a point of pure Maven builds, so this is very much doable.  I would do it, but don't know of the API changes that may need openfire code updates.

Neustradamus
November 30, 2018, 8:52 PM

Thanks for this update but I have forgotten to inform you that 1.60 has been released in June 2018, can you update to the last?
https://bouncycastle.org/latest_releases.html

*IMPORTANT - CVE RELATED FIX* This release addresses the following CVEs:

  • CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

  • CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.

Greg Thomas
December 1, 2018, 4:04 PM

Openfire 4.3.0-beta currently uses on 1.60

Fixed

Assignee

Greg Thomas

Reporter

Neustradamus

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Minor
Configure