You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@groovy.apache.org by "Paul King (Jira)" <ji...@apache.org> on 2020/05/14 01:50:00 UTC

[jira] [Commented] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability

    [ https://issues.apache.org/jira/browse/GROOVY-9552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17106778#comment-17106778 ] 

Paul King commented on GROOVY-9552:
-----------------------------------

2_5_X will change to Ant 1.9.15 and 3_0_X and master will change to Ant 1.10.8

> Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability
> ----------------------------------------------------------------------------------------------
>
>                 Key: GROOVY-9552
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9552
>             Project: Groovy
>          Issue Type: Dependency upgrade
>            Reporter: Paul King
>            Assignee: Paul King
>            Priority: Major
>
> I think it is a low risk for Groovy users but we might as well get the latest Ant and have the extra mechanisms in place as described by:
> https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E



--
This message was sent by Atlassian Jira
(v8.3.4#803005)