Bouncycastle dependency

Create issue
Issue #242 new
Lior Regev created an issue

Hello, The latest release is org.bouncycastle:bcprov-jdk15on:1.58 https://www.bouncycastle.org/latest_releases.html But jets3t is using an old identifier: org.bouncycastle:bcprov-jdk15on:1.51 Since jets3t is included in Apache Spark, libraries using a newer version of bouncycastle cause java.lang.NoClassDefFoundError

Comments (5)

  1. James Murty repo owner

    Thanks for the report @lioron.

    Can you describe which classes are missing? I would be surprised – though not very much – if updating BouncyCastle from 1.51 to 1.58 caused major classname/API changes.

  2. Lior Regev reporter

    Well, specifically, I tried to use Spark 2.2.0 with spark-hadoopcryptoledger-ds and it fails since spark introduced bouncy castle 1.51 to the classloader and the library requires 1.58. Unfortunately, since spark is always pre-packaged (for example, when using EMR) I cannot remove that 1.51 jar in favor of 1.58

  3. James Murty repo owner

    Is JetS3t the only cause for the 1.51 version to be installed by Spark, or is that a general issue?

    In other words, will updating JetS3t's dependencies actually fix this, or do dependency versions need to be updated by Apache Spark (presumably also including using a potential new release of JetS3t with the updated Bouncy Castle version)?

    It seems like this might be an issue you might need to raise directly with Apache Spark, and that updating JetS3t's dependencies would be only part of the solution. And perhaps not even a necessary part.

  4. Lior Regev reporter

    After checking dependencies on the spark project for a couple of hours it seems jets3t is the only one to include bc. Specifically in the spark-core package. Creating an issue with Spark is what I intend to do once jets3t has a new release. But apart from removing jets3t from spark I don't see how can it not prove necessary to be updated to 1.58

  5. Log in to comment