
Commit e33b173

HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201 (#5422)
- Upgrades to v1.76, i.e. the latest version - Replaces *-jdk15on with *-jdk18on - Excludes *-jdk15on from everywhere else, to avoid conflicts with *-jdk18on Signed-off-by: Duo Zhang <[email protected]>
1 parent df2328a commit e33b173


9 files changed

+36
-11
lines changed


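--- a/hbase-asyncfs/pom.xml
+++ b/hbase-asyncfs/pom.xml
@@ -75,7 +75,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>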

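--- a/hbase-endpoint/pom.xml
+++ b/hbase-endpoint/pom.xml
@@ -117,7 +117,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>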

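--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -145,7 +145,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>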

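--- a/hbase-http/pom.xml
+++ b/hbase-http/pom.xml
@@ -94,7 +94,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>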

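--- a/hbase-mapreduce/pom.xml
+++ b/hbase-mapreduce/pom.xml
@@ -237,7 +237,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 </dependencies>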

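--- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml
+++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
@@ -1316,10 +1316,10 @@ under the License.
 <supplement>
 <project>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcpkix-jdk15on</artifactId>
+<artifactId>bcpkix-jdk18on</artifactId>
 
 <licenses>
-<!-- bcpkix-jdk15on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
+<!-- bcpkix-jdk18on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
 <license>
 <name>MIT License</name>
 <url>http://www.opensource.org/licenses/mit-license.php</url>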

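--- a/hbase-rest/pom.xml
+++ b/hbase-rest/pom.xml
@@ -231,7 +231,7 @@
 <!--Test-->
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>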

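--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -273,7 +273,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <scope>test</scope>
 </dependency>
 <dependency>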

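--- a/pom.xml
+++ b/pom.xml
@@ -606,7 +606,7 @@
 <joni.version>2.1.31</joni.version>
 <jcodings.version>1.0.55</jcodings.version>
 <spy.version>2.12.2</spy.version>
-<bouncycastle.version>1.70</bouncycastle.version>
+<bouncycastle.version>1.76</bouncycastle.version>
 <skyscreamer.version>1.5.1</skyscreamer.version>
 <kerby.version>1.0.1</kerby.version>
 <commons-crypto.version>1.1.0</commons-crypto.version>
@@ -1374,7 +1374,7 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
-<artifactId>bcprov-jdk15on</artifactId>
+<artifactId>bcprov-jdk18on</artifactId>
 <version>${bouncycastle.version}</version>
 <scope>test</scope>
 </dependency>
@@ -2144,6 +2144,23 @@
 </rules>
 </configuration>
 </execution>
+<execution>
+<id>banned-bouncycastle-jdk15on</id>
+<goals>
+<goal>enforce</goal>
+</goals>
+<configuration>
+<rules>
+<bannedDependencies>
+<excludes>
+<exclude>org.bouncycastle:*-jdk15on</exclude>
+</excludes>
+<message>Use org.bouncycastle:*-jdk18on instead</message>
+<searchTransitive>true</searchTransitive>
+</bannedDependencies>
+</rules>
+</configuration>
+</execution>
 <execution>
 <id>check-aggregate-license</id>
 <goals>
@@ -4490,6 +4507,14 @@
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-reload4j</artifactId>
 </exclusion>
+<exclusion>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk15on</artifactId>
+</exclusion>
+<exclusion>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcpkix-jdk15on</artifactId>
+</exclusion>
 </exclusions>
 </dependency>
 <dependency>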
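Review bot: The `banned-bouncycastle-jdk15on` execution added in the `@@ -2144,6 +2144,23 @@` hunk bans by artifact name only (`org.bouncycastle:*-jdk15on`), so it stops the jdk15on/jdk18on classpath clash but does not itself keep an older BouncyCastle build out of the dependency tree. A transitive `*-jdk18on` artifact, or another legacy family such as `*-jdk15to18`, at a version below the managed one would still pass unless it is pinned in dependencyManagement, and only `bcprov-jdk18on` is visibly pinned here. Since the commit is motivated by CVE-2023-33201, consider a version-range exclude next to the existing one, something like `<exclude>org.bouncycastle:*:(,${bouncycastle.version})</exclude>`, so the enforcer fails the build on any BouncyCastle artifact older than the managed version. A short XML comment above the execution naming HBASE-28089 and the CVE would tell the next maintainer why the ban exists. The enclosing plugin block and the dependency that receives the two new `<exclusion>` entries both start outside the visible hunks, so whether other dependencies need the same exclusions cannot be judged from here.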
