You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@groovy.apache.org by "Paul King (Jira)" <ji...@apache.org> on 2020/11/26 07:13:00 UTC
[jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address:
[CVE-2020-1945] Apache Ant insecure temporary file vulnerability
[ https://issues.apache.org/jira/browse/GROOVY-9552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17106778#comment-17106778 ]
Paul King edited comment on GROOVY-9552 at 11/26/20, 7:12 AM:
--------------------------------------------------------------
2_4_X/2_5_X will change to Ant 1.9.15 and 3_0_X and master will change to Ant 1.10.8
was (Author: paulk):
2_5_X will change to Ant 1.9.15 and 3_0_X and master will change to Ant 1.10.8
> Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability
> ----------------------------------------------------------------------------------------------
>
> Key: GROOVY-9552
> URL: https://issues.apache.org/jira/browse/GROOVY-9552
> Project: Groovy
> Issue Type: Dependency upgrade
> Reporter: Paul King
> Assignee: Paul King
> Priority: Major
> Fix For: 4.0.0-alpha-1, 3.0.4, 2.5.12, 2.4.21
>
>
> I think it is a low risk for Groovy users but we might as well get the latest Ant and have the extra mechanisms in place as described by:
> https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E
--
This message was sent by Atlassian Jira
(v8.3.4#803005)