We're updating the issue view to help you get more done.

Copy link to issue

summary

Update Bouncy Castle to 1.60

Description

Requested that Bouncy Castle be updated to 1.55 [now 1.59] release.

https://bouncycastle.org/releasenotes.html

Environment

None

Acceptance Test - Entry

None

Activity

Show:

Neustradamus

November 27, 2017, 5:08 PM

Copy link to comment

Please update Bouncy Castle (1.58 at the date): https://bouncycastle.org/latest_releases.html

Thanks in advance.

Neustradamus

March 16, 2018, 11:28 AM

Copy link to comment

Please update Bouncy Castle (1.59 at the date): https://bouncycastle.org/latest_releases.html

Thanks in advance.

Daryl Herzmann

April 18, 2018, 6:11 PM

Copy link to comment

We are now at a point of pure Maven builds, so this is very much doable. I would do it, but don't know of the API changes that may need openfire code updates.

Neustradamus

November 30, 2018, 8:52 PM

Copy link to comment

Thanks for this update but I have forgotten to inform you that 1.60 has been released in June 2018, can you update to the last?
https://bouncycastle.org/latest_releases.html

*IMPORTANT - CVE RELATED FIX* This release addresses the following CVEs:

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.
CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.

Greg Thomas

December 1, 2018, 4:04 PM

Copy link to comment

Openfire 4.3.0-beta currently uses on 1.60

Fixed

Assignee

Greg Thomas

Reporter

Neustradamus

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Core

Fix versions

4.3.0

Affects versions

4.0.0

Priority

Minor

Configure