[MONGOCRYPT-295] Update JNA dependency for mongodb-crypt Created: 05/Nov/20  Updated: 28/Oct/23  Resolved: 25/Nov/20

Status: Closed
Project: Libmongocrypt
Component/s: Java binding
Affects Version/s: None
Fix Version/s: 1.1.0

Type: Improvement Priority: Major - P3
Reporter: Bernie Hackett Assignee: Ross Lawley
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2020-11-12 at 10.21.07 AM.png     PNG File unnamed.png    
Issue Links:
Depends

 Description   

Currently, our client side field level encryption implementation depends on JNA version 4.5.2. Since that support was added, JNA has done a major 5.0 release and several minor releases, some containing important security vulnerability fixes. We should upgrade our dependency to the latest version.



 Comments   
Comment by Githook User [ 25/Nov/20 ]

Author:

{'name': 'Ross Lawley', 'email': 'ross.lawley@gmail.com', 'username': 'rozza'}

Message: MONGOCRYPT-295 Update Java JNA dependency to 5.6.0 (#142)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/be0a08387e6c50f1b66b5069ba87b745cd01733a

Comment by Ross Lawley [ 20/Nov/20 ]

PR: https://github.com/mongodb/libmongocrypt/pull/142

Comment by Andrew Lyons [ 12/Nov/20 ]

jeff.yemin Great to know and thanks for the update. 

 

What is the ETA and can I share it with the customer? 

Comment by Jeffrey Yemin [ 12/Nov/20 ]

andrew.lyons it is already scheduled, and will be included in the 1.1.0 release of libmongocrypt

Comment by Andrew Lyons [ 06/Nov/20 ]

More info on the vulnerability

Generated at Thu Feb 08 09:08:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.