BC-FIPS 1.0.2.3 Vulnerability and compatible with JAVA 17 #1445
-
Hi, the current application uses "bc-fips" version 1.0.2.3 and we are planning to upgrade to Java 17, but as all of us know, "bc-fips" version 1.0.2.3 has the GHSA-68m8-v89j-7j2p bug logged, which is a problem. I also understand there is one patch ready but not released yet. Can you please provide your input on this, and also can we uptake that patch which is ready for early release to proceed? Or do you have a tentative date for the release of the Jar with the CVE fix? Thanks.
Replies: 3 comments
-
@dghgit - can you please assist or route this to the correct stakeholders? Thank you in advance.
-
1.0.2.4 is available under the support early access program. It's possible to use it now, but we would need to provide some additional paperwork for you to use it. We expect it will be another 4 or 5 months before it's certified and possible to provide it for general access.
-
1.0.2.4 is now available on Maven Central and the BC FIPS pages.