The following CVE was found when scanning kafka-connect-mq-sink:2.2.1:
CVE-2025-8916 - Security vulnerability in org.bouncycastle:bcprov-jdk18on:1.78.1
The vulnerable Bouncy Castle library is included as a transitive dependency through com.ibm.mq:com.ibm.mq.allclient:9.4.0.5. The IBM MQ client uses Bouncy Castle for SSL/TLS cryptographic operations.
The fix is available by upgrading com.ibm.mq:com.ibm.mq.allclient:9.4.0.5 to com.ibm.mq:com.ibm.mq.allclient:9.4.4.1. This will automatically upgrade the Bouncy Castle dependencies to version 1.81, which includes the security fix for CVE-2025-8916 and additional security improvements.
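An added example, not part of the original report or the project's own code: a check that parses `mvn dependency:tree` text output and reports every `org.bouncycastle` artifact older than 1.81, along with the dependency path that pulls it in. The sample tree is constructed for illustration, and its `example.group` coordinates are placeholders.

```python
import re

FIXED = (1, 81)  # first Bouncy Castle version the report names as fixed
PREFIX = re.compile(r"^\[INFO\] ([|+\\ -]*)")  # "[INFO] " plus tree-drawing characters
COORD = re.compile(r"[\w.\-]+")

# Constructed sample of `mvn dependency:tree` output (not captured from a real build).
SAMPLE_TREE = r"""[INFO] --- dependency:tree (default-cli) @ kafka-connect-mq-sink ---
[INFO] example.group:kafka-connect-mq-sink:jar:2.2.1
[INFO] +- com.ibm.mq:com.ibm.mq.allclient:jar:9.4.0.5:compile
[INFO] |  \- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:compile
[INFO] \- example.group:example-lib:jar:1.0.0:compile
[INFO] BUILD SUCCESS
"""


def version_tuple(text):
    """'1.78.1' -> (1, 78, 1); non-numeric qualifiers are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def find_old_bouncycastle(tree_text, fixed=FIXED):
    """Return (artifact, version, path) for each org.bouncycastle node below `fixed`.

    `path` lists the node's ancestors, so the direct dependency to upgrade is visible.
    """
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        coords = line[m.end():].strip().split(":")
        if len(coords) < 4 or not all(COORD.fullmatch(c) for c in coords):
            continue  # banner or status line, not a dependency node
        depth = len(m.group(1)) // 3  # each tree level is drawn with 3 characters
        group, artifact = coords[0], coords[1]
        # root: g:a:type:version; other nodes: g:a:type[:classifier]:version:scope
        version = coords[3] if depth == 0 else coords[-2]
        del stack[depth:]
        stack.append(f"{artifact}:{version}")
        if group == "org.bouncycastle" and version_tuple(version) < fixed:
            findings.append((artifact, version, " > ".join(stack[:-1])))
    return findings


if __name__ == "__main__":
    for artifact, version, path in find_old_bouncycastle(SAMPLE_TREE):
        print(f"{artifact} {version} is below 1.81 (via {path})")
```

Running the same check on the tree produced after the `com.ibm.mq.allclient` upgrade confirms whether the resolved Bouncy Castle version actually moved, since a pinned version elsewhere in the build can override the transitive one.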