From 8b440762ca9f50a6a3e94900a5dc46906c91b206 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Jun 2024 21:19:24 -0400 Subject: [PATCH] [1.3] Bump bouncycastle to 1.78.1 and kafka to 3.7.0 (#4437) Signed-off-by: Craig Perkins --- build.gradle | 12 ++++++++---- plugin-security.policy | 5 ++++- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index 8ec59240d7..2ccdae5618 100644 --- a/build.gradle +++ b/build.gradle @@ -62,7 +62,7 @@ ext { buildVersionQualifier = System.getProperty("build.version_qualifier", "") version_tokens = opensearch_version.tokenize('-') opensearch_build = version_tokens[0] + '.0' - kafka_version = '3.5.1' + kafka_version = '3.7.0' if (buildVersionQualifier) { opensearch_build += "-${buildVersionQualifier}" @@ -170,7 +170,7 @@ dependencies { implementation 'com.google.guava:guava:32.1.1-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' - implementation 'org.bouncycastle:bcprov-jdk15to18:1.75' + implementation 'org.bouncycastle:bcprov-jdk15to18:1.78.1' implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.2' implementation 'org.ldaptive:ldaptive:1.2.3' implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' @@ -210,8 +210,12 @@ dependencies { testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9' testImplementation 'com.github.stephenc.jcip:jcip-annotations:1.0-1' testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}" + testImplementation "org.apache.kafka:kafka-server:${kafka_version}" + testImplementation "org.apache.kafka:kafka-server-common:${kafka_version}" + testImplementation "org.apache.kafka:kafka-server-common:${kafka_version}:test" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test" testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test" + testImplementation 'commons-validator:commons-validator:1.7' compileOnly "org.opensearch:opensearch:${opensearch_version}" integrationTestCompileOnly "org.opensearch:opensearch:${opensearch_version}" @@ -245,8 +249,8 @@ dependencies { integrationTestImplementation "org.apache.logging.log4j:log4j-core:2.17.1" integrationTestImplementation "org.apache.logging.log4j:log4j-jul:2.17.1" integrationTestImplementation 'org.hamcrest:hamcrest:2.2' - integrationTestImplementation "org.bouncycastle:bcpkix-jdk15to18:1.75" - integrationTestImplementation "org.bouncycastle:bcutil-jdk15to18:1.75" + integrationTestImplementation "org.bouncycastle:bcpkix-jdk15to18:1.78.1" + integrationTestImplementation "org.bouncycastle:bcutil-jdk15to18:1.78.1" integrationTestImplementation('org.awaitility:awaitility:4.2.0') { exclude(group: 'org.hamcrest', module: 'hamcrest') } diff --git a/plugin-security.policy b/plugin-security.policy index a0b51c26a8..24f3c97637 100644 --- a/plugin-security.policy +++ b/plugin-security.policy @@ -64,7 +64,10 @@ grant { permission java.security.SecurityPermission "putProviderProperty.BC"; permission java.security.SecurityPermission "insertProvider.BC"; permission java.security.SecurityPermission "removeProviderProperty.BC"; - permission java.util.PropertyPermission "jdk.tls.rejectClientInitiatedRenegotiation", "write"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.max_f2m_field_size"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.pkcs12.default"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.rsa.max_size"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.rsa.max_mr_tests"; permission java.lang.RuntimePermission "accessUserInformation";