cos-java-sdk-v5

High-severity security vulnerability in bcprov-jdk15on

Open buaazyl opened this issue 1 year ago • 6 comments

As the title says, please upgrade the dependency version.

buaazyl Oct 25 '24 06:10

The bcprov-jdk15on version has been upgraded.

Dzkol Oct 30 '24 03:10

bcprov-jdk15on has too many vulnerabilities and is no longer updated, so why not upgrade to bcprov-jdk18on?

buaazyl Oct 30 '24 03:10

Upgrading to bcprov-jdk18on is currently being evaluated and scheduled.

Dzkol Oct 30 '24 03:10

https://github.com/tencentyun/cos-java-sdk-v5/pull/176 @Dzkol

leshalv Nov 03 '24 14:11

https://github.com/tencentyun/cos-java-sdk-v5/issues/103 It has been a long time, almost a year has gone by. This SDK's baseline is 1.8 to begin with, so the upgrade shouldn't take much effort, right?

leshalv Nov 03 '24 14:11

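During the design review, we assessed that upgrading directly could cause compatibility problems for existing customers, so we are not doing it for now. In the short term, when you bring in the cos java sdk you can add the jdk15on package to the exclusions and then additionally bring in the jdk18on package to work around this. For example: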

```xml
<dependency>
    <groupId>com.qcloud</groupId>
    <artifactId>cos_api</artifactId>
    <version>5.6.231</version>
    <exclusions>
        <exclusion>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk18on</artifactId>
    <version>1.79</version>
</dependency>
```

Dzkol Feb 07 '25 11:02