fix: security: bump commons-lang3, bcprov-jdk18on, bouncycastle

Author: Archiit19

CHANGELOG.md

@@ -12,6 +12,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump Apache Lucene to 9.12.2 ([#18574](https://github.com/opensearch-project/OpenSearch/pull/18574))
 - Bump `commons-beanutils:commons-beanutils` from 1.9.4 to 1.11.0 ([#18401](https://github.com/opensearch-project/OpenSearch/issues/18401))
 - Bump `org.apache.poi` version from 5.2.5 to 5.4.1 in /plugins/ingest-attachment ([#17887](https://github.com/opensearch-project/OpenSearch/pull/17887))
+- Bump `org.bouncycastle:bc-fips` from 2.0.0 to 2.1.0 ([#19155](https://github.com/opensearch-project/OpenSearch/pull/19155))
+- Bump `org.apache.commons:commons-lang3` from 3.14.0 to 3.18.0 ([#19155](https://github.com/opensearch-project/OpenSearch/pull/19155))
+- Bump `org.bouncycastle:bcprov-jdk18on` from 1.78 to 1.79 ([#19155](https://github.com/opensearch-project/OpenSearch/pull/19155))
+- Bump `org.bouncycastle:bcmail-jdk18on` from 1.78 to 1.79 ([#19155](https://github.com/opensearch-project/OpenSearch/pull/19155))
+- Bump `org.bouncycastle:bcpkix-jdk18on` from 1.78 to 1.79 ([#19155](https://github.com/opensearch-project/OpenSearch/pull/19155))
 
 ### Deprecated
 

distribution/tools/plugin-cli/build.gradle

@@ -38,7 +38,7 @@ dependencies {
   compileOnly project(":server")
   compileOnly project(":libs:opensearch-cli")
   api "org.bouncycastle:bcpg-fips:2.0.9"
-  api "org.bouncycastle:bc-fips:2.0.0"
+  api "org.bouncycastle:bc-fips:2.1.0"
   testImplementation project(":test:framework")
   testImplementation 'com.google.jimfs:jimfs:1.3.0'
   testRuntimeOnly("com.google.guava:guava:${versions.guava}") {

distribution/tools/plugin-cli/licenses/bc-fips-2.0.0.jar.sha1

@@ -0,0 +1 @@
+c8df3d47f9854f3e9ca57e9fc862da18c9381fa9

distribution/tools/plugin-cli/licenses/bc-fips-2.1.0.jar.sha1

@@ -47,7 +47,7 @@ httpcore          = "4.4.16"
 httpasyncclient   = "4.1.5"
 commonslogging    = "1.2"
 commonscodec      = "1.16.1"
-commonslang       = "3.14.0"
+commonslang       = "3.18.0"
 commonscompress   = "1.26.1"
 commonsio         = "2.16.0"
 # plugin dependencies
@@ -57,7 +57,7 @@ reactivestreams   = "1.0.4"
 # when updating this version, you need to ensure compatibility with:
 #  - plugins/ingest-attachment (transitive dependency, check the upstream POM)
 #  - distribution/tools/plugin-cli
-bouncycastle="1.78"
+bouncycastle="1.79"
 # test dependencies
 randomizedrunner  = "2.7.1"
 junit             = "4.13.2"

gradle/libs.versions.toml

@@ -0,0 +1 @@
+4d8e2732bcee15f1db93df266c3f5b70ce5cac21

plugins/identity-shiro/licenses/bcprov-jdk18on-1.78.jar.sha1

@@ -0,0 +1 @@
+5a18b9cdc322371172c35adcee672b1396a4655c