Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2023/04/01 08:33:00 UTC
[jira] [Updated] (ARCHETYPE-645) Bump ivy from 2.5.0 to 2.5.1
[ https://issues.apache.org/jira/browse/ARCHETYPE-645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sylwester Lachiewicz updated ARCHETYPE-645:
-------------------------------------------
Description:
Key features of this 2.5.1 release are:
* Ivy now requires a minimum of Java 8 runtime.
* Fixes two Security Vulnerabilities, see [the security page|https://ant.apache.org/ivy/security.html] for details.
For details about the following changes, check our JIRA install at https://issues.apache.org/jira/browse/IVY
*List of changes since Ivy 2.5.0:*
* BREAKING: Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition file (IVY-1612)
* FIX: ResolveEngine resets dictator resolver to null in the global configuration (IVY-1618)
* FIX: ConcurrentModificationException in MessageLoggerHelper.sumupProblems (IVY-1628)
* FIX: useOrigin="true" fails with file-based ibiblio (IVY-1616)
* FIX: ivy:retrieve Ant task didn’t create an empty fileset when no files were retrieved to a non-empty directory (IVY-1631)
* FIX: ivy:retrieve Ant task relied on the default HTTP header "Accept" which caused problems with servers that interpret it strictly (e.g. AWS CodeArtifact) (IVY-1632)
* IMPROVEMENT: Ivy command now accepts a URL for the -settings option (IVY-1615)
* FIX: CVE-2022-37865 allow create/overwrite any file on the system (see [https://ant.apache.org/ivy/security.html])
* FIX: CVE-2022-37866 Path traversal in patterns (see [https://ant.apache.org/ivy/security.html])
[https://ant.apache.org/ivy/history/2.5.1/release-notes.html]
> Bump ivy from 2.5.0 to 2.5.1
> ----------------------------
>
> Key: ARCHETYPE-645
> URL: https://issues.apache.org/jira/browse/ARCHETYPE-645
> Project: Maven Archetype
> Issue Type: Dependency upgrade
> Reporter: Sylwester Lachiewicz
> Priority: Major
> Fix For: 3.2.2
>
>
> Key features of this 2.5.1 release are:
> * Ivy now requires a minimum of Java 8 runtime.
> * Fixes two Security Vulnerabilities, see [the security page|https://ant.apache.org/ivy/security.html] for details.
>
> For details about the following changes, check our JIRA install at https://issues.apache.org/jira/browse/IVY
> *List of changes since Ivy 2.5.0:*
> * BREAKING: Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition file (IVY-1612)
> * FIX: ResolveEngine resets dictator resolver to null in the global configuration (IVY-1618)
> * FIX: ConcurrentModificationException in MessageLoggerHelper.sumupProblems (IVY-1628)
> * FIX: useOrigin="true" fails with file-based ibiblio (IVY-1616)
> * FIX: ivy:retrieve Ant task didn’t create an empty fileset when no files were retrieved to a non-empty directory (IVY-1631)
> * FIX: ivy:retrieve Ant task relied on the default HTTP header "Accept" which caused problems with servers that interpret it strictly (e.g. AWS CodeArtifact) (IVY-1632)
> * IMPROVEMENT: Ivy command now accepts a URL for the -settings option (IVY-1615)
> * FIX: CVE-2022-37865 allow create/overwrite any file on the system (see [https://ant.apache.org/ivy/security.html])
> * FIX: CVE-2022-37866 Path traversal in patterns (see [https://ant.apache.org/ivy/security.html])
> [https://ant.apache.org/ivy/history/2.5.1/release-notes.html]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)