[GEOS-11608] Update Bouncy Castle Crypto package from bcprov-jdk15on:1.69 to bcprov-jdk18on:1.79 #8022

Open: wants to merge 2 commits into base: main

mprins (Member) commented Nov 10, 2024

GEOS-11608

upgrade from Java 5 to Java 8 version and update to latest release

Checklist

For core and extension modules:

  • New unit tests have been added covering the changes.
  • Documentation has been updated (if change is visible to end users).
  • The REST API docs have been updated (when changing configuration objects or the REST controllers).
  • There is an issue in the GeoServer Jira (except for changes that do not affect administrators or end users in any way).
  • Commit message(s) must be in the form [GEOS-XYZWV] Title of the Jira ticket.
  • Bug fixes and small new features are presented as a single commit.
  • Each commit has a single objective (if there are multiple commits, each has a separate JIRA ticket describing its goal).

@mprins added the dependencies label Nov 10, 2024
@mprins self-assigned this Nov 10, 2024
@mprins changed the title from "[WIP] Attempt bcprov-jdk upgrade" to "[WIP] [GEOS-11608] Update Bouncy Castle Crypto package from bcprov-jdk15on:1.69 to bcprov-jdk18on:1.79" Nov 18, 2024
aaime (Member) commented Nov 18, 2024

I think it's looking good? The failure on "Run CITE Tests / CITE (ogcapi-features10) (pull_request)" is unrelated and has been fixed, you can verify by rebasing this PR onto main.

mprins (Member, Author) commented Nov 18, 2024

There is a community module "gs-sec-oauth2-openid-connect" that has a dependency on the seemingly abandoned org.springframework.security:spring-security-jwt:1.0.11.RELEASE (dated 16-Oct-2019) which drags in org.bouncycastle:bcprov-jdk15on; I've fixed that using dependencyManagement, so all use of BCProv is now org.bouncycastle:bcprov-jdk18on:1.79
[Image: dependency tree]
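
One way to check the outcome described in the comment above, that no module still resolves the old -jdk15on artifacts through a transitive path, is to scan the text output of mvn dependency:tree. This is an added example, not part of the pull request or the GeoServer code base; find_banned, the org.example module coordinates and the sample tree are constructed for illustration, and the match on the whole -jdk15on family generalizes beyond the single bcprov artifact named on this page.

```python
import re

# Constructed sample in the text format printed by `mvn dependency:tree`;
# the org.example modules and their versions are invented for illustration.
SAMPLE = r"""[INFO] --- dependency:3.6.0:tree (default-cli) @ module-a ---
[INFO] org.example:module-a:jar:1.0-SNAPSHOT
[INFO] +- org.springframework.security:spring-security-jwt:jar:1.0.11.RELEASE:compile
[INFO] |  \- org.bouncycastle:bcprov-jdk15on:jar:1.69:compile
[INFO] \- org.bouncycastle:bcprov-jdk18on:jar:1.79:compile
[INFO] --- dependency:3.6.0:tree (default-cli) @ module-b ---
[INFO] org.example:module-b:jar:1.0-SNAPSHOT
[INFO] \- org.bouncycastle:bcprov-jdk18on:jar:1.79:compile
"""

# Generalization beyond the page: any Bouncy Castle artifact of the old
# -jdk15on family, not only bcprov.
BANNED = re.compile(r"^org\.bouncycastle:bc[a-z]+-jdk15on$")
# Tree-drawing prefix, then group:artifact:type[:classifier]:version[:scope].
LINE = re.compile(r"^\[INFO\] ([|+\\ -]*)([\w.\-]+(?::[\w.\-]+){3,5})(?:\s.*)?$")


def find_banned(tree_output):
    """Return (module, chain) pairs; chain is the path from the module's
    direct dependency down to the banned artifact."""
    findings, stack = [], []
    for raw in tree_output.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # plugin banners, blank lines, build summary
        prefix, coords = m.groups()
        depth = len(prefix) // 3  # each tree level is drawn with 3 characters
        del stack[depth:]         # drop siblings and deeper nodes
        stack.append(coords)
        group, artifact = coords.split(":")[:2]
        if BANNED.match(f"{group}:{artifact}"):
            findings.append((stack[0], stack[1:]))
    return findings


if __name__ == "__main__":
    for module, chain in find_banned(SAMPLE):
        print(f"{module} still resolves {chain[-1]}")
        print("  via " + " -> ".join(chain[:-1]))
```

Run against the saved output of a full multi-module build, an empty result means every module resolves only the -jdk18on artifacts.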

@mprins force-pushed the bcprov-upgrade branch 2 times, most recently from 2398312 to b5ac611 November 18, 2024 12:29
@mprins added the backport 2.25.x and backport 2.26.x labels and removed the backport 2.25.x label Nov 18, 2024
aaime (Member) commented Nov 18, 2024

Ouch yeah, that module is still in use, need to figure out if the change affects it.

…1.69 to bcprov-jdk18on:1.79

upgrade from Java 5 to Java 8 version and update to latest release

Exclude bcprov-jdk15on in gs-sec-oauth2-openid-connect-core and replace with bcprov-jdk18on
@mprins changed the title from "[WIP] [GEOS-11608] Update Bouncy Castle Crypto package from bcprov-jdk15on:1.69 to bcprov-jdk18on:1.79" to "[GEOS-11608] Update Bouncy Castle Crypto package from bcprov-jdk15on:1.69 to bcprov-jdk18on:1.79" Nov 18, 2024
@mprins marked this pull request as ready for review November 18, 2024 16:10
mprins (Member, Author) commented Nov 18, 2024

All oauth and oidc module tests pass locally after adding jupiter, but I don't have access to an oidc testing instance.
AFAICT from documentation things should just work
