Update BouncyCastle dependency #55

Closed
simenstensas opened this issue Aug 14, 2024 · 7 comments
Labels
bug (Something isn't working), module/s3-encryption-client, p1 (This is a high priority issue), queued

Comments

@simenstensas

Describe the bug

Please remove BouncyCastle dependency and replace it with BouncyCastle.Cryptography v2.4.0

See: GHSA-8xfc-gm6g-vgpv

Expected Behavior

Works as intended

Current Behavior

Outdated dependency

Reproduction Steps

Nothing to write

Possible Solution

Changing dependency to BouncyCastle.Cryptography and solving possible breaking changes.

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

AWSSDK.* 3.7.400.5

Targeted .NET Platform

.NET 6

Operating System and version

Windows 11

@simenstensas simenstensas added bug Something isn't working needs-triage labels Aug 14, 2024
@simenstensas simenstensas changed the title from "Update https://github.com/advisories/GHSA-8xfc-gm6g-vgpv" to "Update BouncyCastle dependency" Aug 14, 2024
@bhoradc bhoradc added module/s3-encryption-client needs-review p2 This is a standard priority issue and removed needs-triage labels Aug 14, 2024
@bhoradc

bhoradc commented Aug 16, 2024

Hello @simenstensas,

Thank you for reporting this issue. In the S3 Encryption Client for .NET library, the BouncyCastle dependency is used when TargetFramework is .NET 3.5 alone; for others it's using the Portable.BouncyCastle package - Reference link.

We shall get rid of the BouncyCastle package when we update this library for the V4 effort, where the .NET Framework 3.5 target would be removed.

Regards,
Chaitanya

@simenstensas
Author

Hi @bhoradc,

I understand. When can we expect a V4 release? Any timeline?

@bhoradc bhoradc added p1 This is a high priority issue and removed p2 This is a standard priority issue labels Aug 19, 2024
@normj
Member

normj commented Aug 20, 2024

@simenstensas I can't give an expected release for V4 because we always have lots of competing tasks supporting all AWS services. The first preview of V4 went out last week and the intention is for V4 to have a relatively short dev cycle to get to GA state.

@simenstensas
Author

@bhoradc Will Portable.BouncyCastle dependency be removed as a part of V4 as well?

@normj
Member

normj commented Sep 13, 2024

@simenstensas Yes, all targets will use BouncyCastle.Cryptography in v4. We have shipped 3.0.0-preview.1 of the package that targets V4 of the SDK and uses BouncyCastle.Cryptography.

@normj
Member

normj commented Sep 14, 2024

I'm closing the issue because we have made the switch to BouncyCastle.Cryptography for V4 and have released a preview version. You can track the progress of V4 going GA by subscribing to the following V4 tracking issue.

aws/aws-sdk-net#3362

@normj normj closed this as completed Sep 14, 2024