• Sub-task
    • Resolution: Done
    • Medium

      have to upgrade to 1.56

       

      BouncyCastle is vulnerable to a Timing Attack. The generateSignature() function in the DSASigner.java file allows the per message key (the k value in the DSA algorithm) to be predictable while generating DSA signatures. A remote attacker can exploit this vulnerability to determine the k value by closely observing the timings for the generation of signatures, allowing the attacker to deduce the signer's private key.

            takamune_cho