Requested that Bouncy Castle be updated to 1.55 [now 1.59] release.
Please update Bouncy Castle (1.58 at the date): https://bouncycastle.org/latest_releases.html
Thanks in advance.
Please update Bouncy Castle (1.59 at the date): https://bouncycastle.org/latest_releases.html
Thanks in advance.
We are now at a point of pure Maven builds, so this is very much doable. I would do it, but don't know of the API changes that may need openfire code updates.
Thanks for this update but I have forgotten to inform you that 1.60 has been released in June 2018, can you update to the last?
https://bouncycastle.org/latest_releases.html
*IMPORTANT - CVE RELATED FIX* This release addresses the following CVEs:
CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.
CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.
Openfire 4.3.0-beta currently uses on 1.60