
chore: updates bouncy castle to 1.75 (latest 1.7x) by kebeda · Pull Request #741 · sendgrid/sendgrid-java

@kebeda kebeda changed the title 📦️ chore(deps): updates bouncy castle to 1.75 (latest 1.7x) chore: updates bouncy castle to 1.75 (latest 1.7x)

Jun 21, 2023

@kebeda kebeda deleted the fix/CVE-2023-33201 branch

June 22, 2023 13:05

@kebeda kebeda restored the fix/CVE-2023-33201 branch

June 22, 2023 13:07

@lexek

@ghost

ghost

@snesm

Latest is now 1.76 which fixes an additional vulnerability.

ghost

<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.75</version>
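
Review bot: the artifactId moves from bcprov-jdk15on to bcprov-jdk18on in the same change as the version bump to 1.75, so this is a change of Maven coordinates and not only a version update. Please call that out in the PR description or changelog: downstream builds that pin, exclude or separately depend on bcprov-jdk15on will not have it replaced through dependency mediation and can end up with both jars on the classpath. The jdk18on artifacts target Java 8 and later, so also confirm that this matches the library's minimum supported Java version.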

<version>1.75</version>
<version>1.76</version>

@rakatyal @shrutiburman please commit this change and merge this PR to fix the CVE vulnerability

@gian1200

@mrdziuban

I'm also interested in updates on this, would love to resolve this CVE in my project. Thanks in advance!

@ghost

@lexek

Might make sense for maintainers to create a fresh PR for the fix.

@gian1200

The last commit on main branch was Jan 3. Why the need for a new PR?

shrutiburman

@mrdziuban

@shrutiburman this was merged with 1.75 instead of 1.76, the latest bouncycastle version -- will there be a separate pull request to update the latest?

@mrdziuban

@shrutiburman

Oh, thanks @mrdziuban for the PR. I'll merge that once all runs are passing.

@shrutiburman