Skip to content

Commit

Permalink
Address bounce castle cve alert
Browse files Browse the repository at this point in the history
chore: Update bouncy castle depdendency to address the following vulnerability:
- [CVE-2023-33201](https://nvd.nist.gov/vuln/detail/CVE-2023-33201): Bouncy Castle For Java LDAP injection vulnerability

Signed-off-by: Spolti <[email protected]>
  • Loading branch information
spolti committed Nov 16, 2023
1 parent 8b36883 commit 281cbc2
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@
<!-- Care must be taken when updating the prometheus client lib version
since we have some custom optimized extensions to this -->
<prometheus-version>0.9.0</prometheus-version>
<bouncycastle-version>1.70</bouncycastle-version>
<bouncycastle-version>1.74</bouncycastle-version>
<junit-version>5.10.0</junit-version>

<dockerhome>${project.build.directory}/dockerhome</dockerhome>
Expand Down Expand Up @@ -450,7 +450,7 @@
generate a self-signed server certificate -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>${bouncycastle-version}</version>
</dependency>

Expand Down

0 comments on commit 281cbc2

Please sign in to comment.