[GH-ISSUE #35] Update BouncyCastle to latest version #33

Closed
opened 2026-02-26 01:35:49 +03:00 by kerem · 10 comments

Originally created by @ahmadreza-hadidi on GitHub (Jun 29, 2024).
Original GitHub issue: https://github.com/junian/Standard.Licensing/issues/35

Hi @junian, thank you for your good work.
Please update BouncyCastle to the latest version because of a vulnerability in older versions.

kerem closed this issue 2026-02-26 01:35:49 +03:00

@junian commented on GitHub (Jul 1, 2024):

Hi @ahmadreza-hadidi, can you give a reference for which vulnerability?

@kfrancis commented on GitHub (Jul 8, 2024):

https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
https://github.com/advisories/GHSA-v435-xc8x-wvr9
https://github.com/advisories/GHSA-8xfc-gm6g-vgpv

You're also using a forked version, it looks like. Can you please use the standard version? https://www.nuget.org/packages/BouncyCastle.Cryptography

They updated it to remove the need to use the portable version when they deprecated the BouncyCastle.Crypto version.

@kfrancis commented on GitHub (Jul 8, 2024):

https://www.nuget.org/packages/BouncyCastle

@kfrancis commented on GitHub (Jul 8, 2024):

I do understand that you're using 1.9.0, but there's an official package so you don't need to reference the external repo.

@kfrancis commented on GitHub (Jul 8, 2024):

This is the other reason why it's important. Can't use packages with vulnerabilities, and can't use the standard library because yours brings in a transitive reference:

I've put a pull request together to fix all that up.

@kfrancis commented on GitHub (Jul 19, 2024):

@junian Have you had a chance to check the pull request?

@junian commented on GitHub (Jul 23, 2024):

Thank you. I'll review it soon.

@kfrancis commented on GitHub (Jul 29, 2024):

Appreciate it. It's somewhat urgent.

@junian commented on GitHub (Jul 31, 2024):

Thank you @kfrancis for the contribution, it's being validated on NuGet right now, should be available soon.

@kfrancis commented on GitHub (Aug 1, 2024):

The release works great, thank you. Also, I can confirm that the change in BouncyCastle doesn't require a change in existing licenses - they work as is.
