Update Bouncy Castle to 1.60
Openfire 4.3.0-beta currently uses on 1.60
Thanks for this update but I have forgotten to inform you that 1.60 has been released in June 2018, can you update to the last?
*IMPORTANT - CVE RELATED FIX* This release addresses the following CVEs:
CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.
CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.
We are now at a point of pure Maven builds, so this is very much doable. I would do it, but don't know of the API changes that may need openfire code updates.