jasypt before 1.9.2 allows a timing attack against the password hash comparison.

References

http://www.securitytracker.com/id/1040360
https://access.redhat.com/errata/RHSA-2017:2809
https://access.redhat.com/errata/RHSA-2017:2547
https://access.redhat.com/errata/RHSA-2017:2810
http://www.securitytracker.com/id/1039744
https://access.redhat.com/errata/RHSA-2018:0294
https://access.redhat.com/errata/RHSA-2017:2808
https://access.redhat.com/errata/RHSA-2017:2546
https://sourceforge.net/p/jasypt/code/668/
https://access.redhat.com/errata/RHSA-2017:3141
https://access.redhat.com/errata/RHSA-2017:2811
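
The class of bug named in the description, shown as an added example that is not jasypt's code or the upstream fix: an early-exit digest comparison beside a constant-time one. The class name, method names and sample passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCompare {

    // Early-exit comparison: returns at the first mismatching byte, so the
    // running time depends on how many leading bytes of the candidate match.
    static boolean leakyEquals(byte[] expected, byte[] candidate) {
        if (expected.length != candidate.length) {
            return false;
        }
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != candidate[i]) {
                return false;
            }
        }
        return true;
    }

    // Constant-time comparison: every byte is examined and the differences
    // are OR-ed together, so timing does not reveal where a mismatch occurs.
    static boolean constantTimeEquals(byte[] expected, byte[] candidate) {
        if (expected.length != candidate.length) {
            return false; // digest length is public, so this exit leaks nothing secret
        }
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ candidate[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        // Constructed sample values, not taken from the advisory.
        byte[] stored = sha256.digest("correct horse".getBytes(StandardCharsets.UTF_8));
        byte[] good = sha256.digest("correct horse".getBytes(StandardCharsets.UTF_8));
        byte[] bad = sha256.digest("wrong horse".getBytes(StandardCharsets.UTF_8));

        // Both functions agree on the result; only their timing behaviour differs.
        System.out.println("leaky, matching digest:         " + leakyEquals(stored, good));
        System.out.println("constant-time, matching digest: " + constantTimeEquals(stored, good));
        System.out.println("constant-time, wrong digest:    " + constantTimeEquals(stored, bad));
        // The JDK ships a helper for this comparison.
        System.out.println("MessageDigest.isEqual, wrong:   " + MessageDigest.isEqual(stored, bad));
    }
}
```

When auditing code for this pattern, look for `Arrays.equals`, `String.equals` or hand-written early-exit loops applied to digests, MACs or tokens, and replace them with `MessageDigest.isEqual` or an equivalent accumulate-then-test loop.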