Next stable release date; address bouncycastle vulnerabilities about license3j HOT 7 CLOSED

License3j 2.0.0 does not generate keys using BC library. You have to generate your keys using GPG. Thus the first vulnerability does not effect l3j-2.0.0

The other issue is important when you process a private key that is out of your control. When you sign license you sign it using your own private key, thus it is you who could initate an attack on yourself. Not likely.

I am not a security and crypto expert, but I think that these vulnerabilities are non-issues for License3j,

License3j 3.0.0 does not use any version of Bouncy Castle. I plan to release it in a few weeks. You can expedite it if you install the snapshot, and report your experiences, bugs, notes whatever.

from license3j.

Ok cool, thanks for clarifying!

Out of curiosity, what library are you using in 3.0.0 instead of BouncyCastle?

from license3j.

As you can see in the pom.xml dependency section: none.

All the cryptographic functionality is available in the standard Java JDK.

from license3j.

You can also have a look at the library https://github.com/verhas/repl since the plan is to split license3j into 3 libraries:

• License3j core
• License3j REPL that contains the command line app and depends on the
• javax0.repl library

That way there will be no need to have the command line application inside the Java application that uses License3j as a library.

from license3j.

Hi,
I downloaded the latest license3j, but there is no class in it called Repl (needed for "java -cp license3j-3.0.0.jar javax0.license3j.Repl" command).
I built it anyway and even found another prebuilt license3j jar online, but either one does not have that class so I cannot get anywhere, do you know what is wrong or can you send me that class?

The Maven compile seemed to work ok and I am using JDK 11

Thanks,
Dan

from license3j.

I have downloaded the jar from GitHub release just now into a separate directory, I issued the command copy-pasting from your previous post and as you can see on my screen capture it starts.

You certainly have some local problem. Try to rename the jar file to ZIP (if you are using Windows) and open it using 7zip (free and legal) and see that the class is there.

BTW: this is a new issue, it would have been better to open a new ticket. If you can succeed, please inform us what was wrong, or in case I can help anything more... Also, tell me the Java version (java -version) operating system etc.

from license3j.

I close this issue, in case there is anything from danmoliver, please open a new ticket.

from license3j.