[accumulo] branch 2.1 updated: Update bouncycastle test dependency to 1.76 (#3819)

Fri, 13 Oct 2023 14:00:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

ctubbsii pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/2.1 by this push:
     new 719697786c Update bouncycastle test dependency to 1.76 (#3819)
719697786c is described below

commit 719697786c19506daa301e1a2d2f8ad3453d8d78
Author: Christopher Tubbs <ctubb...@apache.org>
AuthorDate: Fri Oct 13 17:00:44 2023 -0400

    Update bouncycastle test dependency to 1.76 (#3819)
    
    * Mitigate CVE-2023-33201 in bouncycastle test dependency by
      updating to 1.76; it's unlikely we'd have hit this issue,
      because we only use this for a test dependency for our Ssl
      tests, but it is still good to keep it up to date.
    * The Java 1.5-compatible bouncycastle libraries are no longer
      maintained, so this moves to the versions that require Java 8,
      which is not a problem, since we require at least Java 11 for
      2.1 and later.
    * Also replace usage of bouncycastle's Arrays.fill with Java's
      own, which was a bug in some compaction ITs.
---
 pom.xml                                                             | 6 +++---
 test/pom.xml                                                        | 4 ++--
 .../org/apache/accumulo/test/compaction/CompactionExecutorIT.java   | 2 +-
 .../main/java/org/apache/accumulo/test/functional/CompactionIT.java | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 68ed4d64ad..4866511857 100644
--- a/pom.xml
+++ b/pom.xml
@@ -148,7 +148,7 @@
     <unitTestMemSize>-Xmx1G</unitTestMemSize>
     <!-- dependency and plugin versions managed with properties -->
     <version.auto-service>1.1.1</version.auto-service>
-    <version.bouncycastle>1.70</version.bouncycastle>
+    <version.bouncycastle>1.76</version.bouncycastle>
     <version.curator>5.5.0</version.curator>
     <version.errorprone>2.20.0</version.errorprone>
     <version.hadoop>3.3.6</version.hadoop>
@@ -568,12 +568,12 @@
       </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
-        <artifactId>bcpkix-jdk15on</artifactId>
+        <artifactId>bcpkix-jdk18on</artifactId>
         <version>${version.bouncycastle}</version>
       </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
-        <artifactId>bcprov-jdk15on</artifactId>
+        <artifactId>bcprov-jdk18on</artifactId>
         <version>${version.bouncycastle}</version>
       </dependency>
       <dependency>
diff --git a/test/pom.xml b/test/pom.xml
index fd0e417ef5..07fb24f1ae 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -184,11 +184,11 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
+      <artifactId>bcpkix-jdk18on</artifactId>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
     </dependency>
     <dependency>
       <groupId>org.easymock</groupId>
diff --git 
a/test/src/main/java/org/apache/accumulo/test/compaction/CompactionExecutorIT.java
 
b/test/src/main/java/org/apache/accumulo/test/compaction/CompactionExecutorIT.java
index fa01a66389..4697f20f33 100644
--- 
a/test/src/main/java/org/apache/accumulo/test/compaction/CompactionExecutorIT.java
+++ 
b/test/src/main/java/org/apache/accumulo/test/compaction/CompactionExecutorIT.java
@@ -26,6 +26,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.List;
@@ -68,7 +69,6 @@ import org.apache.accumulo.harness.SharedMiniClusterBase;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.io.Text;
-import org.bouncycastle.util.Arrays;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
diff --git 
a/test/src/main/java/org/apache/accumulo/test/functional/CompactionIT.java 
b/test/src/main/java/org/apache/accumulo/test/functional/CompactionIT.java
index efa7d3ffc9..9bff345b17 100644
--- a/test/src/main/java/org/apache/accumulo/test/functional/CompactionIT.java
+++ b/test/src/main/java/org/apache/accumulo/test/functional/CompactionIT.java
@@ -28,6 +28,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.IOException;
 import java.time.Duration;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.EnumSet;
 import java.util.List;
 import java.util.Map;
@@ -86,7 +87,6 @@ import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.RawLocalFileSystem;
 import org.apache.hadoop.io.Text;
-import org.bouncycastle.util.Arrays;
 import org.junit.jupiter.api.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

Reply via email to