Update Bouncycastle to 1.78.1 for CVE-2023-33201 (#5804)

Resolves #5780

spring-cloud-dataflow-build/spring-cloud-dataflow-build-dependencies/pom.xml

@@ -30,6 +30,7 @@
 		<testcontainers.version>1.19.7</testcontainers.version>
 		<!-- Specific version overrides to deal w/ CVEs -->
 		<tomcat.version>9.0.88</tomcat.version>
+		<bouncycastle.version>1.78.1</bouncycastle.version>
 		<spring-kafka.version>2.9.13</spring-kafka.version>
 		<netty.version>4.1.109.Final</netty.version>
 		<reactor-bom.version>2020.0.43</reactor-bom.version>
@@ -190,6 +191,22 @@
 				<artifactId>spring-cloud-services-starter-config-client</artifactId>
 				<version>${spring-cloud-services-starter-config-client.version}</version>
 			</dependency>
+			<!-- Provide Bouncycastle dep. mgmt. -->
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcprov-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcpkix-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcutil-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>
 	<profiles>

spring-cloud-dataflow-parent/pom.xml

@@ -34,6 +34,7 @@
 		<jettison.version>1.5.4</jettison.version>
 		<!-- Specific version overrides to deal w/ CVEs -->
 		<tomcat.version>9.0.88</tomcat.version>
+		<bouncycastle.version>1.78.1</bouncycastle.version>
 		<spring-kafka.version>2.9.13</spring-kafka.version>
 		<netty.version>4.1.109.Final</netty.version>
 		<reactor-bom.version>2020.0.43</reactor-bom.version>
@@ -142,7 +143,7 @@
 				<artifactId>logback-access</artifactId>
 				<version>${logback.version}</version>
 			</dependency>
-			<!-- There is no embedded tomcat BOM unfortunately -->
+			<!-- Override embedded Tomcat provided by Spring Boot (no BOM unfortunately) -->
 			<dependency>
 				<groupId>org.apache.tomcat.embed</groupId>
 				<artifactId>tomcat-embed-core</artifactId>
@@ -168,27 +169,47 @@
 				<artifactId>spring-kafka</artifactId>
 				<version>${spring-kafka.version}</version>
 			</dependency>
+			<!-- Override Netty provided by Spring Boot -->
 			<dependency>
 				<groupId>io.netty</groupId>
 				<artifactId>netty-bom</artifactId>
 				<version>${netty.version}</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+			<!-- Override Reactor provided by Spring Boot -->
 			<dependency>
 				<groupId>io.projectreactor</groupId>
 				<artifactId>reactor-bom</artifactId>
 				<version>${reactor-bom.version}</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+			<!-- Override RSocket provided by Spring Boot -->
 			<dependency>
 				<groupId>io.rsocket</groupId>
 				<artifactId>rsocket-bom</artifactId>
 				<version>${rsocket.version}</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+			<!-- Provide Bouncycastle dep. mgmt. -->
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcprov-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcpkix-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcutil-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+			<!-- Override dependencies should go above this comment -->
 			<dependency>
 				<groupId>org.springframework</groupId>
 				<artifactId>spring-framework-bom</artifactId>