Update Bouncy Castle to 1.60

Description

Requested that Bouncy Castle be updated to 1.55 [now 1.59] release.

https://bouncycastle.org/releasenotes.html

Environment

None

Activity

Show:

Greg Thomas December 1, 2018 at 4:04 PM

Openfire 4.3.0-beta currently uses on 1.60

Neustradamus November 30, 2018 at 8:52 PM

Thanks for this update but I have forgotten to inform you that 1.60 has been released in June 2018, can you update to the last?
https://bouncycastle.org/latest_releases.html

*IMPORTANT - CVE RELATED FIX* This release addresses the following CVEs:

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.
CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.

Daryl Herzmann April 18, 2018 at 6:11 PM

We are now at a point of pure Maven builds, so this is very much doable. I would do it, but don't know of the API changes that may need openfire code updates.

Neustradamus March 16, 2018 at 11:28 AM

Please update Bouncy Castle (1.59 at the date): https://bouncycastle.org/latest_releases.html

Thanks in advance.

Neustradamus November 27, 2017 at 5:08 PM

Please update Bouncy Castle (1.58 at the date): https://bouncycastle.org/latest_releases.html

Thanks in advance.

Resize issue view side panel

Fixed

Details

Assignee

Greg Thomas

Reporter

Neustradamus

Components

Fix versions

4.3.0

Affects versions

4.0.0

Priority

Minor

Created January 27, 2016 at 8:47 PM

Updated December 1, 2018 at 4:13 PM

Resolved June 19, 2018 at 3:17 PM