You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Stefan Bodewig <bo...@apache.org> on 2020/09/30 17:02:35 UTC

[ANN] Apache Ant 1.10.9 Released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Ant Team is pleased to announce the release of Apache Ant
1.10.9.

Apache Ant is a Java library and command-line tool that helps building
software.

The Apache Ant team currently maintains two lines of development. The
1.9.x releases require Java5 at runtime and 1.10.x requires Java8 at
runtime. Both lines are based off of Ant 1.9.7 and the 1.9.x releases
are mostly bug fix releases while additional new features are developed
for 1.10.x. We recommend using 1.10.4 unless you are required to use
versions of Java prior to Java8 during the build process.

Ant 1.10.9 contains a bugfixes and support for using GraalVM JavaScript
inside the script family of tasks and types.

It also addresses an insecure temporary file vulnerability
vulnerability, see see the upcoming CVE announcement or
https://ant.apache.org/security.html for details.

Source and binary distributions are available for download from the
Apache Ant download site:

https://ant.apache.org/bindownload.cgi
https://ant.apache.org/srcdownload.cgi

When downloading, please verify signatures using the KEYS file available
at the above location when downloading the release.

Changes in 1.10.9 include:
==========================

Changes from Ant 1.10.8 TO Ant 1.10.9
=====================================

Fixed bugs:
- -----------

 * the ftp task could throw a NullPointerException if an error occured
   Bugzilla Report 64438

 * propertyset now also sees in-scope local properties
   Bugzilla Report 50179

 * replaced our version of ReaderInputStream with the battle-tested
   version of Apache Commons IO as our version had problems with
   surrogate pairs (and likely other edge cases as well).
   Bugzilla Report 40455

 * <fixcrlf> will no longer remove the temporary file it just created
   before writing to it.

 * <sshexec> and <scp> didn't deal with wildcard hostnames in ssh
   config files properly.
   Bugzilla Report 64530

Other changes:
- --------------

 * Ant will no longer log a warning if it doesn't find tools.jar
   Bugzilla Report 63577

 * the <jar> task accepts now a nested <indexjarsmapper> element
   that can be used to perform custom filename transformations
   for the <indexjars> archives.
   Github Pull Request #134

 * added a new PropertyEnumerator interface that extensions can
   provide if they are managing properties unknown to the Ant project.

 * added some special code to support GraalVM JavaScript as
   javax.script scripting engine for JavaScript. In particular we
   relax some security settings of GraalVM so that scripts can access
   Ant objects.

   Also Ant enables Nashorn compatibility mode by default, you can
   disable that by setting the magic Ant property
   ant.disable.graal.nashorn.compat to true.

   See the script task manual for additional details.

 * If the magic property ant.tmpdir hasn't been set and Ant can
   control the permissions of directories it creates it will create an
   owner-owned temporary directory unaccessible to others as default
   tempdir as soon as a temporary file is created for the first time,

For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:

https://ant.apache.org/

Stefan Bodewig, on behalf of the Apache Ant community
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAl90uikACgkQohFa4V9ri3LsgQCgyBKG4FrZg+J+FexOtTDv4aoX
lSkAoLdG2voWQ5DzolGVwbE3NJcKdsTZ
=uIsS
-----END PGP SIGNATURE-----