Merge pull request #295 from cesarhernandezgt/tomee-7.0.x-TT.x-releas…

…e-patch Upgrade to bouncycastle 1.78
tomitribe · Apr 16, 2024 · 99baede · 99baede
2 parents 5d0e89c + afb0654
commit 99baede
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 5 deletions.
diff --git a/boms/tomee-plume/pom.xml b/boms/tomee-plume/pom.xml
@@ -1544,7 +1544,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
-      <version>1.75</version>
+      <version>1.78</version>
       <exclusions>
         <exclusion>
           <artifactId>*</artifactId>

diff --git a/boms/tomee-plus/pom.xml b/boms/tomee-plus/pom.xml
@@ -1599,7 +1599,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
-      <version>1.75</version>
+      <version>1.78</version>
       <exclusions>
         <exclusion>
           <artifactId>*</artifactId>

diff --git a/server/openejb-client/pom.xml b/server/openejb-client/pom.xml
@@ -167,7 +167,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcmail-jdk15to18</artifactId>
-      <version>1.75</version>
+      <version>1.78</version>
       <scope>test</scope>
     </dependency>
   </dependencies>

diff --git a/server/openejb-cxf/pom.xml b/server/openejb-cxf/pom.xml
@@ -101,7 +101,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
-      <version>1.75</version>
+      <version>1.78</version>
     </dependency>
     <dependency>
       <groupId>org.apache.wss4j</groupId>

diff --git a/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-7.0.x b/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-7.0.x
@@ -4,6 +4,7 @@
 * Update to Tomcat 8.5.100-TT.1 to mitigate regression introduced by f29b3127049c1275d02ea0c1dab17b97dd912f5f
 * Upgrade to Tomcat 8.5.100 to mitigate CVE-2024-24549 and CVE-2024-23672
 * Upgrade to CXF 3.1.19-TT.9 to mitigate CVE-2024-28752
+* Upgrade to Bouncy Castle 1.78 to mitigate CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-301XX.
 
 === Changes in TomEE EAP 7.0.10-TT.23
 * Upgrade to Tomcat 8.5.96 to mitigate CVE-2023-42795

diff --git a/tomee/tomee-embedded/pom.xml b/tomee/tomee-embedded/pom.xml
@@ -475,7 +475,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcmail-jdk15to18</artifactId>
-      <version>1.75</version>
+      <version>1.78</version>
       <scope>test</scope>
     </dependency>
   </dependencies>