We’re using okta-sdk-impl in a Spring Boot project.
After we scanned my project, we found some vulnerabilities that need an upgrade of bcprov-jdk18on and bcpkix-jdk18on to 1.78.
We don’t want to upgrade the Okta version, so we forced the upgrade of bcprov-jdk18on and bcpkix-jdk18on to 1.78, and the project still works normally.
But I’m still concerned about whether they are compatible with each other. May I know how we can check whether I need to upgrade to a higher version in the future?
Hello @_frankie,
The upgrade to 1.78 on org.bouncycastle:bcprov-jdk18on was part of the 17.0.0 update from last month, listed here: Releases · okta/okta-sdk-java · GitHub
If you’ve upgraded the dependency yourself without upgrading the full SDK, that should take care of it, but we do recommend keeping your apps upgraded to the newest version of the SDK to handle issues like these, as we’ll roll dependency upgrades into them.
Thanks @daniel.sanders
Yeah, we try to upgrade to 17.0.0
Big step from 8.2.5 to 17.0.0