Update BouncyCastle dependencies from jdk15to18 to jdk18on #12317
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Stephen Crawford <[email protected]>
stephen-crawford
requested review from
peternied,
abbashus,
adnapibar,
anasalkouz,
andrross,
Bukhtawar,
CEHENKLE,
dblock,
dbwiddis,
dreamer-89,
gbbafna,
kartg,
kotwanikunal,
mch2,
msfroh,
nknize,
owaiskazi19,
reta,
Rishikesh1159,
ryanbogan,
sachinpkale,
saratvemulapalli,
shwetathareja,
sohami,
tlfeng and
VachaShah
as code owners
stephen-crawford
changed the title
Signed-off-by: Stephen Crawford <[email protected]>
|
❌ Gradle check result for c2dc38b: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
This is the recommended BouncyCastle version. The current version we use (15to18) is meant for projects which cannot support multi-release jars. Per the website:
https://www.bouncycastle.org/latest_releases.html Seems like it should be fine @peternied |
peternied
reviewed
Feb 14, 2024
peternied
dismissed
their stale review
Blocking comment on the library version isn't applicable.
Signed-off-by: Stephen Crawford <[email protected]>
reta
approved these changes
Feb 14, 2024
kotwanikunal
approved these changes
Feb 14, 2024
peternied
approved these changes
Feb 14, 2024
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #12317 +/- ##
============================================
+ Coverage 71.32% 71.36% +0.03%
- Complexity 59764 59770 +6
============================================
Files 4959 4959
Lines 281129 281129
Branches 40857 40857
============================================
+ Hits 200513 200614 +101
+ Misses 63947 63864 -83
+ Partials 16669 16651 -18 ☔ View full report in Codecov by Sentry. |
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-12317-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 6099ed99fe68a739e60bf0c13c9954ec5c890fac
# Push it to GitHub
git push --set-upstream origin backport/backport-12317-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.xThen, create a pull request where the |
|
@scrawfor99 Could you manually backport this change to the 2.x branch? |
This was referenced Feb 14, 2024
Merged
stephen-crawford
added a commit
to opensearch-project/security
that referenced
this pull request
Feb 14, 2024
### Description [Describe what this change achieves] Following: opensearch-project/OpenSearch#12317 in core, this PR increases the version used for bouncycastle in the Security plugin. This is an attempt to correct the intermittent failures described here: [#3299](#3299) ### Check List - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <[email protected]>
peternied
pushed a commit
that referenced
this pull request
Feb 14, 2024
…15to18 to jdk18on (#12326) Signed-off-by: Stephen Crawford <[email protected]>
peteralfonsi
pushed a commit
to peteralfonsi/OpenSearch
that referenced
this pull request
Mar 1, 2024
…h-project#12317) Signed-off-by: Stephen Crawford <[email protected]>
rayshrey
pushed a commit
to rayshrey/OpenSearch
that referenced
this pull request
Mar 18, 2024
…h-project#12317) Signed-off-by: Stephen Crawford <[email protected]>
shiv0408
pushed a commit
to Gaurav614/OpenSearch
that referenced
this pull request
Apr 25, 2024
…h-project#12317) Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Shivansh Arora <[email protected]>
mwilso3
pushed a commit
to mwilso3/OpenSearch-fork
that referenced
this pull request
May 1, 2024
…h-project#12317) Signed-off-by: Milly Wilson <[email protected]>
mwilso3
pushed a commit
to mwilso3/OpenSearch-fork
that referenced
this pull request
May 1, 2024
…k18on (opensearch-project#12317) Signed-off-by: Milly Wilson <[email protected]>
dlin2028
pushed a commit
to dlin2028/security
that referenced
this pull request
May 1, 2024
…project#4052) ### Description [Describe what this change achieves] Following: opensearch-project/OpenSearch#12317 in core, this PR increases the version used for bouncycastle in the Security plugin. This is an attempt to correct the intermittent failures described here: [opensearch-project#3299](opensearch-project#3299) ### Check List - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <[email protected]>
4 tasks
reta
added a commit
that referenced
this pull request
May 6, 2024
…0172, CVE-2024-30171 and CVE-2024-29857) (#13484) * [Backport][1.3] Bump BouncyCastle to 1.76 (#10219) Signed-off-by: Milly Wilson <[email protected]> * [Backport][1.3] Update BouncyCastle dependencies from jdk15to18 to jdk18on (#12317) Signed-off-by: Milly Wilson <[email protected]> * [Backport][1.3] Bump bouncycastle from 1.77 to 1.78 (#13243) Signed-off-by: Milly Wilson <[email protected]> * PR#13484 Re-work * Update BC from 1.78 to 1.78.1 with latest fixes. * Remove incorrect jdk15to18 module replacement definitions as artifacts are still supported. * Add release notes. * Remove unneccessary license additions. Signed-off-by: Milly Wilson <[email protected]> * PR#13484 Re-work * Rename licenses from jdk18on to jdk15to18 and 1.78 to 1.78.1. * Update SHAs for BC 1.78.1 licenses. Signed-off-by: Milly Wilson <[email protected]> * PR#13484 Re-work Update Changelog and remove release notes file as this will be created upon release. Signed-off-by: Milly Wilson <[email protected]> --------- Signed-off-by: Milly Wilson <[email protected]> Co-authored-by: Andrey Pleskach <[email protected]> Co-authored-by: Stephen Crawford <[email protected]> Co-authored-by: Andriy Redko <[email protected]>
bowenlan-amzn
pushed a commit
to bowenlan-amzn/OpenSearch
that referenced
this pull request
May 24, 2024
…h-project#12317) Signed-off-by: Stephen Crawford <[email protected]>
DarshitChanpura
pushed a commit
to DarshitChanpura/security
that referenced
this pull request
Jul 30, 2024
…project#4052) [Describe what this change achieves] Following: opensearch-project/OpenSearch#12317 in core, this PR increases the version used for bouncycastle in the Security plugin. This is an attempt to correct the intermittent failures described here: [opensearch-project#3299](opensearch-project#3299) - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <[email protected]> (cherry picked from commit b7b49b9)
DarshitChanpura
pushed a commit
to DarshitChanpura/security
that referenced
this pull request
Jul 31, 2024
…project#4052) [Describe what this change achieves] Following: opensearch-project/OpenSearch#12317 in core, this PR increases the version used for bouncycastle in the Security plugin. This is an attempt to correct the intermittent failures described here: [opensearch-project#3299](opensearch-project#3299) - [ ] ~New functionality includes testing~ - [ ] ~New functionality has been documented~ - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Stephen Crawford <[email protected]> (cherry picked from commit b7b49b9) Signed-off-by: Darshit Chanpura <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This change updates bouncy castle dependencies to the most recent jdk18on versions. The reason for this change is because it may fix an intermittent AEAD cipher failure experienced on cluster start.
Related Issues
Check List
New functionality includes testing.All tests passNew functionality has been documented.New functionality has javadoc addedFailing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)Public documentation issue/PR createdBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.