bouncycastle is vulnerable to padding oracle attacks. In an environment where timings can be easily observed, it is possible to identify when the decryption is failing due to padding.
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:2927
github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
lists.debian.org/debian-lts-announce/2018/07/msg00009.html
security.netapp.com/advisory/ntap-20181127-0004/
usn.ubuntu.com/3727-1/
vigilance.fr/vulnerability/Bouncy-Castle-multiple-vulnerabilities-21455
www.bouncycastle.org/releasenotes.html
www.oracle.com/security-alerts/cpuoct2020.html