Comments (8)
Fixed in acme4j 3.1.1.
from acme4j.
Thank you for the report!
acme4j-client is not affected by this CVE, as the X509 certificates from the CA are only passed through. acme4j-smime however is validating certificates and might be affected.
I will update the dependencies and provide a new version soon.
Great! Thanks for your quick response!
It turned out it's not possible yet, because of an issue that was introduced in Bouncy Castle 1.74: bcgit/bc-java#1492
Unfortunately 1.74 is also the earliest version that fixes the CVE, so there is no solution until that issue has been fixed upstream.
I will release a new version ASAP after that.
There is already bouncy castle version 1.76. Is the issue solved with this version?
No, unfortunately not.
If this is a problem for you, you can force the acme4j dependencies to use bouncy castle 1.76. It should work except for the acme4j-smime module.
Now that bcgit/bc-java#1492 is fixed, can you upgrade the bouncy castle dependency?
It seems that BC 1.77 is being rolled out right now, but org.bouncycastle:bcprov-jdk18on:jar:1.77, org.bouncycastle:bcpkix-jdk18on:jar:1.77 and org.bouncycastle:bcpg-jdk18on:jar:1.77 are not available at Maven Central yet.
As soon as the packages are there, I will release a new version with the fix.
EDIT: All packages are there now. I will prepare the release.