For more security spongycastle -> bouncycastle #3087
Comments
|
@Neustradamus could you please list the potential risk or potential attack if we are still on the old spongycastle? |
|
@Benson0224: Thanks for your comment! Since several years, a lot of projects have already moved from Spongy Castle to Bouncy Castle because the project is dead. You can see discussion "34" in https://github.com/rtyley/spongycastle/issues. |
|
@Neustradamus Thanks for your clarification. Checked with Team, replace Spongy Castle with Bouncy Castle is not easy and it affects multiple modules, We will add it in our to-do list and start soon, at the same time, we will keep this issue here, and update the progress timely. |
|
Spongy Castle will not be maintained anymore. check detail at: |
|
@Benson0224: Yes, it is for this I have requested this change because currently there are security problems. |
|
@Neustradamus checked with the team, it is already on our to-do list. however this change is a huge change, it cannot be done within a short time. and currently, we are busy with other urgent tasks. we will update this issue once we got any progress. thanks. |
|
@Benson0224: Thanks for your reply! |
|
@Benson0224, @shydesky, @Federico2014: Any news? |
|
Duplicate of # |
|
@Benson0224 @Neustradamus The bouncy castle library will be updated in release 4.3.0, please refer to #3919 |
|
@Federico2014: Good job, thanks! |
|
Thanks for your support to java-tron. |
|
@Benson0224: Thanks a lot, more one year after ^^ And do not other repos too: |
For more security, can you change old spongycastle (based on old bouncycastle) to bouncycastle?
The text was updated successfully, but these errors were encountered: