Bug #17006
closed
Upgrade Bouncy Castle GPG to latest minor version
Added by François ARMAND about 4 years ago.
Updated about 4 years ago.
Category:
Architecture - Dependencies
Description
We currently use bounce castle version 1.63 for bppkix and bpprov but not for GPG, which use the version provided by JGIT (1.61).
Unfortunatly, that version has a problem with the detection of gpg 2.1 unprotected private keys, which is corrected in 1.62. So we need to force its version and don't use transcient dependencies.
Moreover, it's better to only have one set of bouncy castle dependencies to avoid API breakage.
Current dependency resolution:
% mvn dependency:resolve | grep bouncy | sort -u
[INFO] org.bouncycastle:bcpg-jdk15on:jar:1.61:compile
[INFO] org.bouncycastle:bcpkix-jdk15on:jar:1.63:compile
[INFO] org.bouncycastle:bcprov-jdk15on:jar:1.63:compile
- Status changed from New to In progress
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/2850
With the patch:
% mvn dependency:resolve | grep bouncy | sort -u
[INFO] org.bouncycastle:bcpg-jdk15on:jar:1.63:compile
[INFO] org.bouncycastle:bcpkix-jdk15on:jar:1.63:compile
[INFO] org.bouncycastle:bcprov-jdk15on:jar:1.63:compile
- Status changed from In progress to Pending release
- Fix check changed from To do to Checked
- Subject changed from Upgrade Bouncy Castle GPG to last minor version to Upgrade Bouncy Castle GPG to latest minor version
- Name check changed from To do to Reviewed
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.0.5 which was released today.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by