From 4c3be4992fb37a01ca087e6c95ba100e8688444f Mon Sep 17 00:00:00 2001 From: Ludy Date: Wed, 20 May 2026 15:11:43 +0200 Subject: [PATCH] deps: align Bouncy Castle modules to shared version property (#6362) --- build.gradle | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index f20ad18c5..ec0a8c5df 100644 --- a/build.gradle +++ b/build.gradle @@ -24,7 +24,7 @@ ext { pdfboxVersion = "3.0.7" imageioVersion = "3.13.1" lombokVersion = "1.18.46" - bouncycastleVersion = "1.83" + bouncycastleVersion = "1.84" springSecuritySamlVersion = "7.0.5" openSamlVersion = "5.2.1" commonmarkVersion = "0.28.0" @@ -197,7 +197,6 @@ subprojects { exclude group: 'org.bouncycastle', module: 'bcutil-jdk15on' exclude group: 'org.bouncycastle', module: 'bcmail-jdk15on' - // Security CVE fixes - hardcoded resolution strategy to ensure safe versions // Primary fixes via explicit dependencies in app/core/build.gradle: // - CVE-2022-25647: gson 2.8.9+ (explicit dependency overrides tabula 2.8.7) @@ -209,9 +208,10 @@ subprojects { resolutionStrategy.force 'org.apache.commons:commons-lang3:3.20.0' // CVE-2024-47554: commons-io 2.21.0 DoS prevention resolutionStrategy.force 'commons-io:commons-io:2.21.0' - // Bouncycastle 1.83 (from bouncycastleVersion variable) - resolutionStrategy.force 'org.bouncycastle:bcprov-jdk18on:1.83' - resolutionStrategy.force 'org.bouncycastle:bcpkix-jdk18on:1.83' + // Keep BouncyCastle modules aligned to avoid runtime linkage errors + resolutionStrategy.force "org.bouncycastle:bcprov-jdk18on:${bouncycastleVersion}" + resolutionStrategy.force "org.bouncycastle:bcpkix-jdk18on:${bouncycastleVersion}" + resolutionStrategy.force "org.bouncycastle:bcutil-jdk18on:${bouncycastleVersion}" } dependencyManagement {