You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@avro.apache.org by ie...@apache.org on 2020/06/22 13:28:04 UTC

[avro] 02/02: AVRO-2865: Actually bump the jar.

This is an automated email from the ASF dual-hosted git repository.

iemejia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git

commit d9fae92aed6d40bb881badbbbe5eb74060efd01b
Author: Ryan Skraba <ry...@skraba.com>
AuthorDate: Fri Jun 19 15:14:43 2020 +0200

    AVRO-2865: Actually bump the jar.
---
 lang/java/maven-plugin/pom.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lang/java/maven-plugin/pom.xml b/lang/java/maven-plugin/pom.xml
index ab804cb..1e25afe 100644
--- a/lang/java/maven-plugin/pom.xml
+++ b/lang/java/maven-plugin/pom.xml
@@ -61,6 +61,14 @@
       <artifactId>maven-core</artifactId>
       <version>${maven.version}</version>
     </dependency>
+    <!-- Bump this to a higher version while maven 3.3.9 still uses 3.0.22 with a -->
+    <!-- XML injection vulnerability. -->
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-utils</artifactId>
+      <version>3.0.24</version>
+      <scope>provided</scope>
+    </dependency>
     <dependency>
       <groupId>org.apache.maven.shared</groupId>
       <artifactId>file-management</artifactId>