You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Stefan Bodewig <bo...@apache.org> on 2020/09/30 17:02:35 UTC
[ANN] Apache Ant 1.10.9 Released
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Apache Ant Team is pleased to announce the release of Apache Ant
1.10.9.
Apache Ant is a Java library and command-line tool that helps building
software.
The Apache Ant team currently maintains two lines of development. The
1.9.x releases require Java5 at runtime and 1.10.x requires Java8 at
runtime. Both lines are based off of Ant 1.9.7 and the 1.9.x releases
are mostly bug fix releases while additional new features are developed
for 1.10.x. We recommend using 1.10.4 unless you are required to use
versions of Java prior to Java8 during the build process.
Ant 1.10.9 contains a bugfixes and support for using GraalVM JavaScript
inside the script family of tasks and types.
It also addresses an insecure temporary file vulnerability
vulnerability, see see the upcoming CVE announcement or
https://ant.apache.org/security.html for details.
Source and binary distributions are available for download from the
Apache Ant download site:
https://ant.apache.org/bindownload.cgi
https://ant.apache.org/srcdownload.cgi
When downloading, please verify signatures using the KEYS file available
at the above location when downloading the release.
Changes in 1.10.9 include:
==========================
Changes from Ant 1.10.8 TO Ant 1.10.9
=====================================
Fixed bugs:
- -----------
* the ftp task could throw a NullPointerException if an error occured
Bugzilla Report 64438
* propertyset now also sees in-scope local properties
Bugzilla Report 50179
* replaced our version of ReaderInputStream with the battle-tested
version of Apache Commons IO as our version had problems with
surrogate pairs (and likely other edge cases as well).
Bugzilla Report 40455
* <fixcrlf> will no longer remove the temporary file it just created
before writing to it.
* <sshexec> and <scp> didn't deal with wildcard hostnames in ssh
config files properly.
Bugzilla Report 64530
Other changes:
- --------------
* Ant will no longer log a warning if it doesn't find tools.jar
Bugzilla Report 63577
* the <jar> task accepts now a nested <indexjarsmapper> element
that can be used to perform custom filename transformations
for the <indexjars> archives.
Github Pull Request #134
* added a new PropertyEnumerator interface that extensions can
provide if they are managing properties unknown to the Ant project.
* added some special code to support GraalVM JavaScript as
javax.script scripting engine for JavaScript. In particular we
relax some security settings of GraalVM so that scripts can access
Ant objects.
Also Ant enables Nashorn compatibility mode by default, you can
disable that by setting the magic Ant property
ant.disable.graal.nashorn.compat to true.
See the script task manual for additional details.
* If the magic property ant.tmpdir hasn't been set and Ant can
control the permissions of directories it creates it will create an
owner-owned temporary directory unaccessible to others as default
tempdir as soon as a temporary file is created for the first time,
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
https://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAl90uikACgkQohFa4V9ri3LsgQCgyBKG4FrZg+J+FexOtTDv4aoX
lSkAoLdG2voWQ5DzolGVwbE3NJcKdsTZ
=uIsS
-----END PGP SIGNATURE-----