Switch to jdk18on bouncycastle jars #11201
Conversation
boring-cyborg
bot
added
component:build
component:console-proxy
component:kubernetes
labels
|
@blueorangutan package |
|
@harikrishna-patnala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## 4.22 #11201 +/- ##
=========================================
Coverage 17.60% 17.60%
- Complexity 15624 15626 +2
=========================================
Files 5911 5911
Lines 530169 530169
Branches 64785 64785
=========================================
+ Hits 93322 93344 +22
+ Misses 426342 426319 -23
- Partials 10505 10506 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14192 |
|
@blueorangutan test matrix |
|
@DaanHoogland a [SL] Trillian-Jenkins matrix job (EL8 mgmt + EL8 KVM, Ubuntu22 mgmt + Ubuntu22 KVM, EL8 mgmt + VMware 7.0u3, EL9 mgmt + XCP-ng 8.2 ) has been kicked to run smoke tests |
|
[SF] Trillian Build Failed (tid-13786) |
|
[SF] Trillian Build Failed (tid-13784) |
|
[SF] Trillian Build Failed (tid-13785) |
|
[SF] Trillian Build Failed (tid-13783) |
|
@blueorangutan test matrix |
|
@harikrishna-patnala a [SL] Trillian-Jenkins matrix job (EL8 mgmt + EL8 KVM, Ubuntu22 mgmt + Ubuntu22 KVM, EL8 mgmt + VMware 7.0u3, EL9 mgmt + XCP-ng 8.2 ) has been kicked to run smoke tests |
|
[SF] Trillian Build Failed (tid-13806) |
|
[SF] Trillian Build Failed (tid-13808) |
|
[SF] Trillian Build Failed (tid-13807) |
|
[SF] Trillian Build Failed (tid-13805) |
|
@blueorangutan package |
|
@harikrishna-patnala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
The available versions for bouncy castle provider supporting jdk18 starts from 1.71 to 1.81 (https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on) If we use 1.81 as the provider version
SystemVMs have trouble starting with the error The last version that worked with our code is
At the moment I don't know the reason for "OperatorHelper" class not being found, so I adjusted the code to use 1.72 version. I'm not sure how the mentioned vulnerabilities effects us https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.72 Please review and see if this is fine. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✖️ debian ✔️ suse15. SL-JID 14254 |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✖️ debian ✔️ suse15. SL-JID 14256 |
pom.xml
Outdated
| <cs.axis2.version>1.6.4</cs.axis2.version> | ||
| <cs.batik.version>1.14</cs.batik.version> | ||
| <cs.bcprov.version>1.70</cs.bcprov.version> | ||
| <cs.bcprov.version>1.72</cs.bcprov.version> |
There was a problem hiding this comment.
According to central mvn repo, 1.72 has 5 vulnerabilities, 1.81 is the latest
It seems here are some imcompatibility issue with 1.81, I think it can be fixed
There was a problem hiding this comment.
@harikrishna-patnala check if the issues with 1.81 can be fixed or not
There was a problem hiding this comment.
I've tried multiple ways to use 1.81 and rewriting code for getting X509Certificate but still facing the same issue. Can someone of you help me here @weizhouapache @sureshanaparti
|
@blueorangutan test |
There was a problem hiding this comment.
Pull request overview
Updates Apache CloudStack’s BouncyCastle dependencies to the jdk18on artifact line and bumps the shared BouncyCastle version to address the security concern in #10954.
Changes:
- Replace
bcprov/bcpkix/bctls-jdk15onartifacts with-jdk18onacross affected modules. - Bump
${cs.bcprov.version}from1.70to1.82and align dependencyManagement entries accordingly. - Update client build/shade/dependency-copy references and exclusions to match the new artifact IDs.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
pom.xml |
Bumps BouncyCastle version property and updates dependencyManagement to -jdk18on artifacts. |
utils/pom.xml |
Switches direct BouncyCastle dependencies to bcprov/bcpkix/bctls-jdk18on. |
services/console-proxy/rdpconsole/pom.xml |
Switches RDP console BouncyCastle dependencies to bcprov/bctls-jdk18on. |
plugins/integrations/kubernetes-service/pom.xml |
Updates Kubernetes plugin BouncyCastle dependencies to bcprov/bctls-jdk18on. |
client/pom.xml |
Updates Jetty plugin deps, dependency-plugin copies, and shade exclusions to -jdk18on artifacts. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
harikrishna-patnala
force-pushed
the
switchBouncyCastleJars
branch
from
6138c02 to
207f819
Compare
boring-cyborg
bot
added
component:api
component:backup
component:management-server
component:networking
component:storage
component:UI
component:virtual-router
distro:ubuntu
Python
harikrishna-patnala
force-pushed
the
switchBouncyCastleJars
branch
from
207f819 to
64d2dce
Compare
|
@blueorangutan package |
|
@harikrishna-patnala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
@borisstoyanov last time we had issues in deploying the system VMs, we need to check if that is still the case |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16609 |
|
@blueorangutan test |
|
@harikrishna-patnala a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
|
This PR still has issues with systemVMs and host additions cc @DaanHoogland |
|
[SF] Trillian Build Failed (tid-15333) |
9 participants
Description
This PR fixes #10954
Types of changes
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
Updated my environment with the newer jars and everything seems fine
How did you try to break this feature and the system with this change?