We have been using Gradle’s Artifactory repository in our builds (actually we used it to populate our internal Artifactory repository) and noticed that the following BouncyCastle module is not valid:
The ‘bcprov-jdk15on-1.47.jar’ has invalid ‘Bundle-Version’ header and is not usable in OSGi. Apparently this has been fixed on both the official BouncyCastle download site and the Central Maven repository:
I suppose that the manifest problem was reported and was fixed but without increasing the BouncyCastle version. Do you mind updating the Gradle’s Artifactory module so that it matches the officially available version?
It’s very strange that this was updated in Maven Central. They have a strict policy of never changing binaries once they get into the repository. Something must have gone wrong.
The one on JFrog’s repo is also invalid. I’m not sure whether this one was available on Maven Central and later fixed, it could be that the initial invalid version originated from JFrog’s repo by manual upload from BC’s download page. It might have never been available on Maven Central…
Anyway, this issue was introduced by BC - apparently they decided that a simple manifest fix is not enough for them to increase their version, which is not correct IMHO.
Yes, it has correct manifest with ‘Bundle-Version: 1.47’, also it has same md5 checksum (7749dd7eca4403fb968ddc484263736a) as the one on the official BC download page, so I think it is OK to mirror it from there.