Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork277
Upgrade utils-mail-smime dependency to 2.3.2, to resolve CVE issue in bouncycastle#506
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
latest version of the smime-module should refer to utils-mail-smime version 2.3.2.
rover886 commentedApr 23, 2024
Hi@bbottema we received an snyk report mentioning To resolve this we updated smime-module to 8.8.3 but it still not resolved the issue, because 8.8.3 is still referring to utils-mail-smime version 2.3.1 which again refers to version 1.75 of BC. Hence this PR is to bump up the version of utils-mail-smime to 2.3.2 which is latest and which refers to 1.78 version of BC. |
bbottema commentedApr 23, 2024 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
I'm in the process of updating a lot of 3rd party dependencies, to solve all transitive known CVE issues. However, I can release a patch version for you in the meantime. |
bbottema commentedApr 23, 2024
Released in 8.8.4. |
rover886 commentedApr 24, 2024
Tons of thanks@bbottema for taking this effort to release a new version with lighting fast speed. |
bbottema commentedApr 26, 2024
I just released 8.9.0, see detailshere. |
latest version of the smime-module should refer to utils-mail-smime version 2.3.2.