Skip to content

[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857)#13484

Merged
reta merged 6 commits intoopensearch-project:1.3from
mwilso3:mwilso3/backport-bc-1.78
May 6, 2024
Merged

[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857)#13484
reta merged 6 commits intoopensearch-project:1.3from
mwilso3:mwilso3/backport-bc-1.78

Conversation

@mwilso3
Copy link
Copy Markdown

@mwilso3 mwilso3 commented May 1, 2024
edited
Loading

Description

Backporting all BouncyCastle upgrades from 1.75 to 1.78.1.

Related Issues

Resolves CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857.

Check List

  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

willyborankin and others added 3 commits May 1, 2024 15:08
@willyborankin @mwilso3
[Backport][1.3] Bump BouncyCastle to 1.76 (opensearch-project#10219)
62fb37a 
Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@stephen-crawford @mwilso3
[Backport][1.3] Update BouncyCastle dependencies from jdk15to18 to jd…
12bc91d 
…k18on (opensearch-project#12317)

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@reta @mwilso3
[Backport][1.3] Bump bouncycastle from 1.77 to 1.78 (opensearch-proje…
6115adc 
…ct#13243)

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 [WIP][Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 May 1, 2024
@mwilso3 mwilso3 changed the title [WIP][Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 May 1, 2024
@mwilso3 mwilso3 marked this pull request as draft May 1, 2024 05:28
@mwilso3 mwilso3 mentioned this pull request May 1, 2024
Merged
8 tasks
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 1, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from 4ab9346 to 4819872 Compare May 1, 2024 06:00
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 1, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch 3 times, most recently from 2faec2e to c04d0b9 Compare May 1, 2024 06:02
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 1, 2024

Gradle Check (Jenkins) Run Completed with:

reta
reta reviewed May 1, 2024
View reviewed changes
reta
reta reviewed May 1, 2024
View reviewed changes
@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from d1969d3 to 7e32318 Compare May 2, 2024 05:35
@mwilso3
PR#13484 Re-work
61b9605 
* Update BC from 1.78 to 1.78.1 with latest fixes.
* Remove incorrect jdk15to18 module replacement definitions as artifacts are still supported.
* Add release notes.
* Remove unneccessary license additions.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from 7e32318 to 61b9605 Compare May 2, 2024 05:37
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 2, 2024

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 2, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from 8c43d5d to 79bb137 Compare May 3, 2024 04:03
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3
Copy link
Copy Markdown
Author

mwilso3 commented May 3, 2024
edited
Loading

Alrighty, build should be good - passing locally. Should be good for final review.

Post merge, how are releases co-ordinated and what's the cadence like with patch releases?

@reta @dblock @bbarani

@mwilso3
PR#13484 Re-work
230a392 
* Rename licenses from jdk18on to jdk15to18 and 1.78 to 1.78.1.
* Update SHAs for BC 1.78.1 licenses.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 force-pushed the mwilso3/backport-bc-1.78 branch from fd1a389 to 230a392 Compare May 3, 2024 04:23
@mwilso3 mwilso3 marked this pull request as ready for review May 3, 2024 04:26
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78 [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 May 3, 2024
@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 3, 2024
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 3, 2024

Gradle Check (Jenkins) Run Completed with:

@reta
Copy link
Copy Markdown
Contributor

reta commented May 3, 2024

Post merge, how are releases co-ordinated and what's the cadence like with patch releases?

Thanks a lot @mwilso3 , please check [1] for release schedules.

[1] https://opensearch.org/releases.html

reta
reta reviewed May 3, 2024
View reviewed changes
@mwilso3
PR#13484 Re-work
c76ea32 
Update Changelog and remove release notes file as this will be created upon release.

Signed-off-by: Milly Wilson <mwilson3@atlassian.com>
@mwilso3 mwilso3 changed the title [Backport][1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@mwilso3 mwilso3 changed the title Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) [Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@mwilso3 mwilso3 changed the title [Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) [Backport 1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@mwilso3 mwilso3 changed the title [Backport 1.3] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) [Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) May 5, 2024
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 5, 2024

Gradle Check (Jenkins) Run Completed with:

reta
reta approved these changes May 6, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@reta reta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot, @mwilso3 !

@reta reta merged commit 81f1122 into opensearch-project:1.3 May 6, 2024
@jaguilar-atl jaguilar-atl mentioned this pull request Jun 12, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reta reta reta approved these changes

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@nknize nknize Awaiting requested review from nknize

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@tlfeng tlfeng Awaiting requested review from tlfeng

@VachaShah VachaShah Awaiting requested review from VachaShah

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mwilso3 @reta @willyborankin @stephen-crawford