From ff97642301cdef14252b5ed30b65a0b12c5a54e3 Mon Sep 17 00:00:00 2001
From: Paul Watson <paul_watson@rapid7.com>
Date: Wed, 6 Nov 2024 16:52:47 +0000
Subject: [PATCH 1/3] Overriding the vulnerable version of bouncy castle

---
 pom.xml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1e2800d..3bff6d3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,7 +44,8 @@
    </distributionManagement>
 
    <properties>
-      <thirdparty.commons-io.version>2.7</thirdparty.commons-io.version>
+      <thirdparty.bouncycastle.version>1.78.1</thirdparty.bouncycastle.version>
+      <thirdparty.commons-io.version>2.14.0</thirdparty.commons-io.version>
       <thirdparty.commons-lang3.version>3.4</thirdparty.commons-lang3.version>
       <thirdparty.guava.version>33.0.0-jre</thirdparty.guava.version>
       <thirdparty.hamcrest.version>1.3</thirdparty.hamcrest.version>
@@ -59,6 +60,13 @@
    </properties>
 
    <dependencies>
+     <!-- the version of bouncycastle in smbj is vulnerable     -->
+     <dependency>
+       <groupId>org.bouncycastle</groupId>
+       <artifactId>bcprov-jdk18on</artifactId>
+       <version>${thirdparty.bouncycastle.version}</version>
+       <scope>runtime</scope>
+     </dependency>
       <!-- 3rdparty dependencies. -->
       <dependency>
          <groupId>commons-io</groupId>

From 5867e8cabf627116613277f10e87ef09d7cf207a Mon Sep 17 00:00:00 2001
From: Paul Watson <83958048+pwatson-r7@users.noreply.github.com>
Date: Thu, 7 Nov 2024 11:41:12 +0000
Subject: [PATCH 2/3] Update pom.xml revert commons io

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3bff6d3..49321a1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,7 +45,7 @@
 
    <properties>
       <thirdparty.bouncycastle.version>1.78.1</thirdparty.bouncycastle.version>
-      <thirdparty.commons-io.version>2.14.0</thirdparty.commons-io.version>
+      <thirdparty.commons-io.version>2.7<</thirdparty.commons-io.version>
       <thirdparty.commons-lang3.version>3.4</thirdparty.commons-lang3.version>
       <thirdparty.guava.version>33.0.0-jre</thirdparty.guava.version>
       <thirdparty.hamcrest.version>1.3</thirdparty.hamcrest.version>

From c7ced7532678a39010f196440790a92a59fa7fa9 Mon Sep 17 00:00:00 2001
From: Paul Watson <83958048+pwatson-r7@users.noreply.github.com>
Date: Thu, 7 Nov 2024 11:42:13 +0000
Subject: [PATCH 3/3] Update pom.xml

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 49321a1..88957b8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,7 +45,7 @@
 
    <properties>
       <thirdparty.bouncycastle.version>1.78.1</thirdparty.bouncycastle.version>
-      <thirdparty.commons-io.version>2.7<</thirdparty.commons-io.version>
+      <thirdparty.commons-io.version>2.7</thirdparty.commons-io.version>
       <thirdparty.commons-lang3.version>3.4</thirdparty.commons-lang3.version>
       <thirdparty.guava.version>33.0.0-jre</thirdparty.guava.version>
       <thirdparty.hamcrest.version>1.3</thirdparty.hamcrest.version>