bcprov-jdk15on高危安全漏洞 #223

buaazyl · 2024-10-25T06:21:43Z

如题，请升级依赖版本

Dzkol · 2024-10-30T03:07:31Z

已升级bcprov-jdk15on版本

buaazyl · 2024-10-30T03:11:09Z

bcprov-jdk15on 漏洞太多，而且也不更新了，为啥不升级到bcprov-jdk18on呢

Dzkol · 2024-10-30T03:18:02Z

升级bcprov-jdk18on目前已经在评估和排期中了哈

leshalv · 2024-11-03T14:28:50Z

#176 @Dzkol

leshalv · 2024-11-03T14:30:25Z

#103 都好久了，一年都要过去了，本身该SDK起步就是1.8，升级应该没有多费劲吧！

Dzkol · 2025-02-07T11:57:57Z

方案评审过程中，由于评估到直接升级可能会导致存量客户出现兼容性问题，因此暂不进行该操作。短期内您可以在引入cos java sdk时把jdk15on的包添加到exclusion里，然后额外引入jdk18on的包来解决。例如：

<dependency>
            <groupId>com.qcloud</groupId>
            <artifactId>cos_api</artifactId>
            <version>5.6.231</version>
	     <exclusions>
                <exclusion>
                    <groupId>org.bouncycastle</groupId>
                    <artifactId>bcprov-jdk15on</artifactId>
                </exclusion>
            </exclusions>
</dependency>
<dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk18on</artifactId>
            <version>1.79</version>
</dependency>

leshalv mentioned this issue Feb 3, 2025

关于 cos sdk 的相关建议 TencentCloud/tencentcloud-sdk-java#248

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bcprov-jdk15on高危安全漏洞 #223

bcprov-jdk15on高危安全漏洞 #223

buaazyl commented Oct 25, 2024

Dzkol commented Oct 30, 2024

buaazyl commented Oct 30, 2024

Dzkol commented Oct 30, 2024

leshalv commented Nov 3, 2024 •

edited

Loading

leshalv commented Nov 3, 2024

Dzkol commented Feb 7, 2025

bcprov-jdk15on高危安全漏洞 #223

bcprov-jdk15on高危安全漏洞 #223

Comments

buaazyl commented Oct 25, 2024

Dzkol commented Oct 30, 2024

buaazyl commented Oct 30, 2024

Dzkol commented Oct 30, 2024

leshalv commented Nov 3, 2024 • edited Loading

leshalv commented Nov 3, 2024

Dzkol commented Feb 7, 2025

leshalv commented Nov 3, 2024 •

edited

Loading