Skip to content

Commit a3c4b08

Browse files
authored
Upgrade Bouncy Castle FIPS jars for plugin cli (#103801)
This commit upgrades bc-fips and bcpg-fips to the lastest available versions for 7.17. related: #100923
1 parent 0d887b1 commit a3c4b08

File tree

4 files changed

+27
-7
lines changed

4 files changed

+27
-7
lines changed

distribution/tools/plugin-cli/build.gradle

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,21 @@ base {
1515
dependencies {
1616
compileOnly project(":server")
1717
compileOnly project(":libs:elasticsearch-cli")
18-
api "org.bouncycastle:bcpg-fips:1.0.4"
19-
api "org.bouncycastle:bc-fips:1.0.2"
18+
api "org.bouncycastle:bcpg-fips:1.0.7.1"
19+
api "org.bouncycastle:bc-fips:1.0.2.4"
2020
testImplementation project(":test:framework")
2121
testImplementation "com.google.jimfs:jimfs:${versions.jimfs}"
2222
testRuntimeOnly "com.google.guava:guava:${versions.jimfs_guava}"
2323
}
2424

25+
configurations.configureEach {
26+
resolutionStrategy.eachDependency { DependencyResolveDetails details ->
27+
if (details.requested.group == 'org.bouncycastle' && details.requested.name == 'bc-fips') {
28+
details.useVersion '1.0.2.4' // to avoid jar hell
29+
}
30+
}
31+
}
32+
2533
tasks.named("dependencyLicenses").configure {
2634
mapping from: /bc.*/, to: 'bouncycastle'
2735
}

docs/changelog/103801.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
pr: 103801
2+
summary: Upgrade Bouncy Castle jars for plugin cli
3+
area: "Security"
4+
type: upgrade
5+
issues: []

gradle/verification-metadata.xml

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<?xml version="1.0" encoding="UTF-8"?>
2-
<verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.2.xsd">
2+
<verification-metadata xmlns="https://schema.gradle.org/dependency-verification" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://schema.gradle.org/dependency-verification https://schema.gradle.org/dependency-verification/dependency-verification-1.3.xsd">
33
<configuration>
44
<verify-metadata>false</verify-metadata>
55
<verify-signatures>false</verify-signatures>
@@ -3160,14 +3160,19 @@
31603160
<sha256 value="b4340d7a9cc0d3664d6c560e2fcee9c7da6e6ae314855923c758fa32fff5b94e" origin="Generated by Gradle"/>
31613161
</artifact>
31623162
</component>
3163+
<component group="org.bouncycastle" name="bc-fips" version="1.0.2.4">
3164+
<artifact name="bc-fips-1.0.2.4.jar">
3165+
<sha256 value="703ecd8a3a619800269bc8cd442f2ebf469bd2fe70478364f58ddc6460c35f9f" origin="Generated by Gradle"/>
3166+
</artifact>
3167+
</component>
31633168
<component group="org.bouncycastle" name="bcmail-jdk15on" version="1.64">
31643169
<artifact name="bcmail-jdk15on-1.64.jar">
31653170
<sha256 value="9b88abe9e981d17113a081a4b4261f4082ccdf9144a8a8373fc460c586f6b13a" origin="Generated by Gradle"/>
31663171
</artifact>
31673172
</component>
3168-
<component group="org.bouncycastle" name="bcpg-fips" version="1.0.4">
3169-
<artifact name="bcpg-fips-1.0.4.jar">
3170-
<sha256 value="b73c80be1099c4756c088cb457a82040509b787519af5c72c9c3d1bff357565e" origin="Generated by Gradle"/>
3173+
<component group="org.bouncycastle" name="bcpg-fips" version="1.0.7.1">
3174+
<artifact name="bcpg-fips-1.0.7.1.jar">
3175+
<sha256 value="fea1a096c098395eb67d48700c349d5f75321ef0c7c6af9198bc38f4cc836622" origin="Generated by Gradle"/>
31713176
</artifact>
31723177
</component>
31733178
<component group="org.bouncycastle" name="bcpg-jdk15on" version="1.69">

qa/evil-tests/build.gradle

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,9 @@ apply plugin: 'elasticsearch.standalone-test'
1818
dependencies {
1919
testImplementation "com.google.jimfs:jimfs:1.2"
2020
testImplementation project(":test:framework")
21-
testImplementation project(':distribution:tools:plugin-cli')
21+
testImplementation(project(':distribution:tools:plugin-cli')) {
22+
exclude group: 'org.bouncycastle', module: 'bc-fips' // to avoid jar hell
23+
}
2224
}
2325

2426
// TODO: give each evil test its own fresh JVM for more isolation.

0 commit comments

Comments
 (0)