The fix for COMMONS-142 strips all leading zeroes from the ASN.1 integer values used when encoding ECDSA signatures into DER format. This can end up converting positive values to negative if the first non-zero byte has the high bit set. The Oracle/Sun ECDSA provider always interprets these values as unsigned, so this does not matter there, but other providers may not. In particular, when the JVM is configured to prefer the Bouncy Castle provider, this can fail, because BC reads the values as signed integers and will reject negative values.
The code should instead strip all redundant leading zero bytes but ensure that the sign is preserved:
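That rule, as an added Java example rather than the project's own patch: it contrasts stripping every leading zero with a minimal encoding that keeps one `0x00` when the high bit is set. The class name, method names and the sample value are hypothetical.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class DerIntegerSignDemo {

    // Behaviour described in the report: drop every leading zero byte
    // (one byte is always kept so the value zero stays encodable).
    static byte[] stripAllLeadingZeroes(byte[] value) {
        if (value.length == 0) {
            throw new IllegalArgumentException("empty integer value");
        }
        int start = 0;
        while (start < value.length - 1 && value[start] == 0) {
            start++;
        }
        return Arrays.copyOfRange(value, start, value.length);
    }

    // Minimal DER INTEGER content for an unsigned big-endian value:
    // remove redundant zeroes, then prepend a single 0x00 if the first
    // remaining byte has the high bit set, so the value stays positive.
    static byte[] minimalPositiveInteger(byte[] value) {
        byte[] stripped = stripAllLeadingZeroes(value);
        if ((stripped[0] & 0x80) == 0) {
            return stripped;
        }
        byte[] padded = new byte[stripped.length + 1]; // padded[0] is 0x00
        System.arraycopy(stripped, 0, padded, 1, stripped.length);
        return padded;
    }

    public static void main(String[] args) {
        // Constructed sample: a short value whose first non-zero byte is 0x9A.
        byte[] r = {0x00, 0x00, (byte) 0x9A, 0x3C, 0x11};

        byte[] overStripped = stripAllLeadingZeroes(r);
        byte[] minimal = minimalPositiveInteger(r);

        // A parser that reads INTEGER content as signed two's complement
        // sees these values:
        System.out.println("all zeroes stripped: " + new BigInteger(overStripped));
        System.out.println("sign preserved:      " + new BigInteger(minimal));

        // Cross-check against the JDK's own minimal two's-complement encoding.
        byte[] jdk = new BigInteger(1, r).toByteArray();
        System.out.println("matches BigInteger:  " + Arrays.equals(minimal, jdk));
    }
}
```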