Skip to content

[Improvement] [Alert] Outdated Bouncycastle dependency exposing your users to numerous security defects #17301

Description

@pjfanning

Search before asking

  • I had searched in the issues and found no similar issues.

What happened

The jdk15on jars for bouncycastle have been discontinued. The jdk18on jars will work as a replacement.

https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on lists 5 CVEs fixed since v1.71 and DS is still using 1.69

What you expected to happen

DS uses secure libs to protect your users

How to reproduce

n/a

Anything else

No response

Version

dev

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions