[MONGOCRYPT-295] Update JNA dependency for mongodb-crypt Created: 05/Nov/20 Updated: 28/Oct/23 Resolved: 25/Nov/20 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | Java binding |
| Affects Version/s: | None |
| Fix Version/s: | 1.1.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Bernie Hackett | Assignee: | Ross Lawley |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||
| Issue Links: |
|
||||
| Description |
|
Currently, our client side field level encryption implementation depends on JNA version 4.5.2. Since that support was added, JNA has done a major 5.0 release and several minor releases, some containing important security vulnerability fixes. We should upgrade our dependency to the latest version. |
| Comments |
| Comment by Githook User [ 25/Nov/20 ] |
|
Author: {'name': 'Ross Lawley', 'email': 'ross.lawley@gmail.com', 'username': 'rozza'}Message: |
| Comment by Ross Lawley [ 20/Nov/20 ] |
| Comment by Andrew Lyons [ 12/Nov/20 ] |
|
jeff.yemin Great to know and thanks for the update.
What is the ETA and can I share it with the customer? |
| Comment by Jeffrey Yemin [ 12/Nov/20 ] |
|
andrew.lyons it is already scheduled, and will be included in the 1.1.0 release of libmongocrypt |
| Comment by Andrew Lyons [ 06/Nov/20 ] |
|
More info on the vulnerability |