Is bcprov-ext-jdk18on No Longer Needed?

[machale]

We're currently including these in our product:

bcpkix-jdk18on-1.78.jar
bcprov-ext-jdk18on-1.78.jar
bcprov-jdk18on-1.78.jar
bcutil-jdk18on-1.78.jar

To address CVE-2025-8916 we're moving to version 1.82. The latest version of bcprov-ext-jdk18on is 1.78.1. I can't find any statements about this and, frankly, I'm the furthest thing from an expert about BC. I'm just trying to help with some planning.

So, my possibly silly question is, if we're moving to 1.82, do we include bcprov-ext-jdk18on 1.78.1? Or do we just stop shipping bcprov-ext-jdk18on altogether?

[peterdettman]

bcprov-ext (when it exists/existed) was a replacement for bcprov that included extra algorithms that almost everyone wouldn't need (for one reason or another). You shouldn't have been including both bcprov and bcprov-ext in earlier versions, and I think you will be fine just deleting your bcprov-ext dependency now.