Git fetch fails after upgrading Docker image from 13.1.0 to 13.1.4 due to BouncyCastle jar conflicts (OD-2629)
Thomas Pierrard opened 4 weeks ago

After upgrading the OneDev Docker image from 13.1.0 to 13.1.4, Git fetches via SSH stopped working. The web portal runs fine, but any Git operation fails with the following errors in the logs:

2025-12-11 10:03:57,190 WARN  [sshd-SshServer[53dfdeb2](port=6611)-nio2-thread-1] o.a.s.s.session.ServerSessionImpl exceptionCaught(ServerSessionImpl[null@/192.168.10.94:58351])[state=Opened] SecurityException: class "org.bouncycastle.crypto.EncapsulatedSecretGenerator"'s signer information does not match signer information of other classes in the same package
2025-12-11 10:06:04,715 WARN  [sshd-SshServer[53dfdeb2](port=6611)-nio2-thread-2] o.a.s.s.session.ServerSessionImpl exceptionCaught(ServerSessionImpl[null@/192.168.10.79:63137])[state=Opened] SecurityException: class "org.bouncycastle.crypto.EncapsulatedSecretGenerator"'s signer information does not match signer information of other classes in the same package
2025-12-11 10:06:26,854 WARN  [sshd-SshServer[53dfdeb2](port=6611)-nio2-thread-2] o.a.s.s.session.ServerSessionImpl exceptionCaught(ServerSessionImpl[null@/192.168.10.79:63138])[state=Opened] SecurityException: class "org.bouncycastle.crypto.EncapsulatedSecretGenerator"'s signer information does not match signer information of other classes in the same package

Git fetch itself failed with:

$ git fetch -v
Connection closed by 192.168.11.240 port 6611
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

Inside the Docker image, the lib folder contained BouncyCastle 1.69 jars alongside the newer 1.83 jars, which caused a signer mismatch.

Backed-up jars (moved out to fix the issue):

org.bouncycastle.bcprov-jdk15on-1.69.jar
org.bouncycastle.bcutil-jdk15on-1.69.jar

Other jars that were left in place but not backed up:

org.bouncycastle.bcpg-jdk15on-1.69.jar
org.bouncycastle.bcpkix-jdk15on-1.69.jar
org.bouncycastle.bcprov-jdk18on-1.83.jar
org.bouncycastle.bctls-jdk18on-1.83.jar
org.bouncycastle.bcutil-jdk18on-1.83.jar

Resolution:

  • Moved the two older 1.69 jars to a backup folder inside the container.
  • Kept the other jars intact.
  • Restarted the container.

After this, Git fetch works again, and SSH connections no longer produce the SecurityException.

Is there something I missed while updating my Docker image?

Type: Bug
Priority: Normal
Assignee:
Affected Versions: 13.1.4
Labels: No labels
Reference: OD-2629
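
The check below is an added example, not part of the original report or of OneDev's own tooling. It lists the BouncyCastle modules that appear more than once in a lib folder, since the JVM raises this SecurityException when classes of one package are loaded from jars with different signers. It assumes the `org.bouncycastle.<module>-jdk<NN>on-<version>.jar` naming seen in the report; the function names and the sample folder are constructed for illustration.

```bash
#!/bin/sh
# Added example: report BouncyCastle modules that are present in more than
# one jar (e.g. bcprov-jdk15on-1.69 next to bcprov-jdk18on-1.83).
# Assumption: jars are named org.bouncycastle.<module>-jdk<NN>on-<version>.jar

bc_duplicate_modules() {
    # $1 = lib directory to inspect
    for f in "$1"/org.bouncycastle.*.jar; do
        [ -e "$f" ] || continue              # glob matched nothing
        base=${f##*/}                        # strip directory
        module=${base#org.bouncycastle.}     # strip vendor prefix
        module=${module%%-jdk*}              # strip -jdkNNon-<version>.jar
        printf '%s\t%s\n' "$module" "$base"
    done | LC_ALL=C sort | awk -F'\t' '
        { count[$1]++; files[$1] = files[$1] " " $2 }
        END { for (m in count) if (count[m] > 1) print m ":" files[m] }
    ' | LC_ALL=C sort
}

# Constructed sample: empty files carrying the seven jar names from the report.
make_sample_lib() {
    d=$(mktemp -d)
    for n in bcpg-jdk15on-1.69 bcpkix-jdk15on-1.69 \
             bcprov-jdk15on-1.69 bcutil-jdk15on-1.69 \
             bcprov-jdk18on-1.83 bctls-jdk18on-1.83 bcutil-jdk18on-1.83; do
        : > "$d/org.bouncycastle.$n.jar"
    done
    echo "$d"
}

# Demo run against the constructed folder; point the function at the real
# lib directory inside the container instead.
sample=$(make_sample_lib)
bc_duplicate_modules "$sample"
rm -rf "$sample"
```

On the jar list from the report, only `bcprov` and `bcutil` are flagged, which are the two modules whose 1.69 jars were moved out.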