- Type: Task
- Status: Closed
- Priority: Normal
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: SERVER 5.0.0
- Component/s: Puppet Server
- Team: Systems Engineering
- Story Points: 3
- Sprint: SE 2016-11-30, Server 2017-05-31, Server 2017-06-14
- Release Notes: New Feature
- Release Notes Summary:
There are some security and compatibility fixes in recent versions of bouncycastle and jruby-openssl. We need to bump bouncycastle to the latest version (1.55), and validate that we are shipping the latest jruby-openssl (and upgrade it if we aren't).
We already landed a PR against jvm-ssl-utils that upgrades bouncycastle, so we just need to promote that change up through the dependencies into Puppet Server.
As for jruby-openssl, I believe that is shipped as part of the core JRuby package, and that we are already on the latest version of the 1.7.x JRuby series, so there may not be any work required there... but as part of this ticket we should verify that, and if the one included with the latest JRuby package isn't the latest version, see what would be necessary to upgrade.