You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
David Hook edited this page May 18, 2026
·
6 revisions
Title: PKIX draft CompositeVerifier accepts empty signature sequence as valid.
Issue affecting: BC 1.67 to 1.80.1, BC 1.81, BC 1.82 to BC 1.83. BCPKIX-FIPS 2.0.6 to 2.0.10. BCPKIX-FIPS 2.1.7 to 2.1.10. BCPKIX-LTS 2.73.7 to 2.73.10
Fixed versions: BC 1.80.2, BC 1.81.1, BC 1.84, BCPKIX-FIPS 2.0.11, BCPKIX-FIPS 2.1.11, BCPKIX-LTS 2.73.11
Platform affected: Java 4 and later.
The test OID for the early draft of the COMPOSITE signature type would accept an empty signature and treat it as valid. The patch enforces a check to ensure at least one signature has been validated.