Hello,
There is this CVE that impacts BouncyCastle. I know there are already fixes available, my question is actually pretty similar to this issue, in short Spring Cloud cannot upgrade BouncyCastle as is, see #2293 (comment),, but if the CVE fix was backported to 1.81.x they would be able to upgrade I believe.
Could you check if the fix could be backported? Is this feasible?
Thanks.
Hello,
There is this CVE that impacts BouncyCastle. I know there are already fixes available, my question is actually pretty similar to this issue, in short Spring Cloud cannot upgrade BouncyCastle as is, see #2293 (comment),, but if the CVE fix was backported to 1.81.x they would be able to upgrade I believe.
Could you check if the fix could be backported? Is this feasible?
Thanks.