Is okta sdk java 8.2.5 compatible with bcprov-jdk18on vs bcpkix-jdk18on 1.78 (in 8.2.5 is 1.7.5)

We’re using okta-sdk-impl in spring boot project
After we scan my project and found some vulnerability need to upgrade bcprov-jdk18on vs bcpkix-jdk18on 1.78
We don’t want to upgrade okta version and we force upgrade bcprov-jdk18on vs bcpkix-jdk18on to 1.78 and project still work normal
But I still concern that is that compatible with each other may I know how can we check if I need to upgrade to higher version in the future

Hello @_frankie,

The upgrade to 1.78 on org.bouncycastle:bcprov-jdk18on was part of the 17.0.0 update from last month, listed here: Releases · okta/okta-sdk-java · GitHub

If you’ve upgraded the dependency yourself without upgrading the full SDK that should take care of it, but we do recommend keeping your apps upgraded to the newest version of the SDK to handle issues like these, as we’ll roll depency upgrades into them.

1 Like

Thanks @daniel.sanders
Yeah, we try to upgrade to 17.0.0
Big step from 8.2.5 to 17.0.0 :joy: