Merge pull request #560 from Bhashinee/v2201.8.x

Update the Bouncy Castle version and Workflows

.github/workflows/build-timestamped-master.yml

@@ -12,5 +12,5 @@ jobs:
   call_workflow:
     name: Run Build Workflow
     if: ${{ github.repository_owner == 'ballerina-platform' }}
-    uses: ballerina-platform/ballerina-standard-library/.github/workflows/build-timestamp-master-template.yml@main
+    uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@main
     secrets: inherit

.github/workflows/build-with-bal-test-graalvm.yml

@@ -30,7 +30,7 @@ jobs:
     call_stdlib_workflow:
         name: Run StdLib Workflow
         if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }}
-        uses: ballerina-platform/ballerina-standard-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main
+        uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main
         with:
             lang_tag: ${{ inputs.lang_tag }}
             lang_version: ${{ inputs.lang_version }}

.github/workflows/central-publish.yml

@@ -15,7 +15,7 @@ jobs:
   call_workflow:
     name: Run Central Publish Workflow
     if: ${{ github.repository_owner == 'ballerina-platform' }}
-    uses: ballerina-platform/ballerina-standard-library/.github/workflows/central-publish-template.yml@main
+    uses: ballerina-platform/ballerina-library/.github/workflows/central-publish-template.yml@main
     secrets: inherit
     with:
       environment: ${{ github.event.inputs.environment }}

.github/workflows/publish-release.yml

@@ -9,7 +9,7 @@ jobs:
   call_workflow:
     name: Run Release Workflow
     if: ${{ github.repository_owner == 'ballerina-platform' }}
-    uses: ballerina-platform/ballerina-standard-library/.github/workflows/release-package-template.yml@main
+    uses: ballerina-platform/ballerina-library/.github/workflows/release-package-template.yml@main
     secrets: inherit
     with:
       package-name: crypto

.github/workflows/pull-request.yml

@@ -10,5 +10,5 @@ jobs:
     call_workflow:
         name: Run PR Build Workflow
         if: ${{ github.repository_owner == 'ballerina-platform' }}
-        uses: ballerina-platform/ballerina-standard-library/.github/workflows/pull-request-build-template.yml@main
+        uses: ballerina-platform/ballerina-library/.github/workflows/pull-request-build-template.yml@main
         secrets: inherit

.github/workflows/trivy-scan.yml

@@ -9,5 +9,5 @@ jobs:
   call_workflow:
     name: Run Trivy Scan Workflow
     if: ${{ github.repository_owner == 'ballerina-platform' }}
-    uses: ballerina-platform/ballerina-standard-library/.github/workflows/trivy-scan-template.yml@main
+    uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@main
     secrets: inherit

ballerina/Ballerina.toml

@@ -21,11 +21,17 @@ path = "../native/build/libs/crypto-native-2.6.3-SNAPSHOT.jar"
 [[platform.java17.dependency]]
 groupId = "org.bouncycastle"
 artifactId = "bcpkix-jdk18on"
-version = "1.77"
-path = "./lib/bcpkix-jdk18on-1.77.jar"
+version = "1.78"
+path = "./lib/bcpkix-jdk18on-1.78.jar"
 
 [[platform.java17.dependency]]
 groupId = "org.bouncycastle"
 artifactId = "bcprov-jdk18on"
-version = "1.77"
-path = "./lib/bcprov-jdk18on-1.77.jar"
+version = "1.78"
+path = "./lib/bcprov-jdk18on-1.78.jar"
+
+[[platform.java17.dependency]]
+groupId = "org.bouncycastle"
+artifactId = "bcutil-jdk18on"
+version = "1.78"
+path = "./lib/bcutil-jdk18on-1.78.jar"

ballerina/build.gradle

@@ -73,6 +73,9 @@ dependencies {
     externalJars(group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: "${bouncycastleVersion}") {
         transitive = false
     }
+    externalJars(group: 'org.bouncycastle', name: 'bcutil-jdk18on', version: "${bouncycastleVersion}") {
+        transitive = false
+    }
 }
 
 task updateTomlFiles {

build-config/resources/Ballerina.toml

@@ -29,3 +29,9 @@ groupId = "org.bouncycastle"
 artifactId = "bcprov-jdk18on"
 version = "@bouncycastle.version@"
 path = "./lib/[email protected]@.jar"
+
+[[platform.java17.dependency]]
+groupId = "org.bouncycastle"
+artifactId = "bcutil-jdk18on"
+version = "@bouncycastle.version@"
+path = "./lib/[email protected]@.jar"

changelog.md

@@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 - [Introduce new APIs to sign and verify using SHA256withECDSA](https://github.com/ballerina-platform/ballerina-library/issues/5889)
 
+## [2.6.3] - 2023-06-17
+
+- [Address bouncy castle vulnerability - CVE-2024-29857](https://github.com/ballerina-platform/ballerina-library/issues/6637)
+
 ## [2.6.1] - 2023-12-12
 
 ### Added

gradle.properties

@@ -2,7 +2,7 @@ org.gradle.caching=true
 group=io.ballerina.stdlib
 version=2.6.3-SNAPSHOT
 puppycrawlCheckstyleVersion=10.12.0
-bouncycastleVersion=1.77
+bouncycastleVersion=1.78
 githubSpotbugsVersion=5.0.14
 githubShadowVersion=7.1.2
 undercouchDownloadVersion=5.4.0

native/build.gradle

@@ -31,6 +31,7 @@ dependencies {
     implementation group: 'io.ballerina.stdlib', name: 'time-native', version: "${stdlibTimeVersion}"
     implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: "${bouncycastleVersion}"
     implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: "${bouncycastleVersion}"
+    implementation group: 'org.bouncycastle', name: 'bcutil-jdk18on', version: "${bouncycastleVersion}"
     compileOnly group: 'org.graalvm.nativeimage', name: 'svm', version: "${nativeImageVersion}"
 }