From b18bd44aff004ffe5bf43c8ab0e2bf89499c5ede Mon Sep 17 00:00:00 2001
From: Spolti <fspolti@redhat.com>
Date: Thu, 16 Nov 2023 18:06:10 -0300
Subject: [PATCH] Address bounce castle cve alert

chore: Update bouncy castle depdendency to address the following vulnerability:
- [CVE-2023-33201](https://nvd.nist.gov/vuln/detail/CVE-2023-33201): Bouncy Castle For Java LDAP injection vulnerability

Signed-off-by: Spolti <fspolti@redhat.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index aa1997df..fc3159c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
     <!-- Care must be taken when updating the prometheus client lib version
          since we have some custom optimized extensions to this -->
     <prometheus-version>0.9.0</prometheus-version>
-    <bouncycastle-version>1.70</bouncycastle-version>
+    <bouncycastle-version>1.74</bouncycastle-version>
     <junit-version>5.9.3</junit-version>
 
     <dockerhome>${project.build.directory}/dockerhome</dockerhome>
@@ -450,7 +450,7 @@
        generate a self-signed server certificate -->
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
+      <artifactId>bcpkix-jdk18on</artifactId>
       <version>${bouncycastle-version}</version>
     </dependency>