You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@avro.apache.org by ie...@apache.org on 2020/06/22 13:28:04 UTC
[avro] 02/02: AVRO-2865: Actually bump the jar.
This is an automated email from the ASF dual-hosted git repository.
iemejia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git
commit d9fae92aed6d40bb881badbbbe5eb74060efd01b
Author: Ryan Skraba <ry...@skraba.com>
AuthorDate: Fri Jun 19 15:14:43 2020 +0200
AVRO-2865: Actually bump the jar.
---
lang/java/maven-plugin/pom.xml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lang/java/maven-plugin/pom.xml b/lang/java/maven-plugin/pom.xml
index ab804cb..1e25afe 100644
--- a/lang/java/maven-plugin/pom.xml
+++ b/lang/java/maven-plugin/pom.xml
@@ -61,6 +61,14 @@
<artifactId>maven-core</artifactId>
<version>${maven.version}</version>
</dependency>
+ <!-- Bump this to a higher version while maven 3.3.9 still uses 3.0.22 with a -->
+ <!-- XML injection vulnerability. -->
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ <version>3.0.24</version>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>file-management</artifactId>