community grow around IvyDE, the subproject could be
reactivated[3].
We want to thank the people who created or contributed to IvyDE over the
years.
Stefan Bodewig on behalf of the Ant PMC.
[1] https://lists.apache.org/thread/wo32q8s8o8z9m126gz3m533q2fnqq21o
[2]
https://ant.apache.org/processes.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Severity: moderate
Affected versions:
- - Apache Ivy 1.0.0 through 2.5.1
Description:
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind
XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This
the Apache Ivy
website:
https://ant.apache.org/ivy/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Severity: medium
Description:
When Apache Ivy downloads artifacts from a repository it stores them in
the local file system based on a user-supplied "pattern" that may
include placeholders for artifacts coordinates like the organisation,
module or
Severity: medium
Description:
With Apache Ivy 2.4.0 an optional packaging attribute has been
introduced that allows artifacts to be unpacked on the fly if they used
pack200 or zip packaging.
For artifacts using the "zip", "jar" or "war" packaging Ivy prior to
2.5.1 doesn't verify the target
on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ivy
website:
https://ant.apache.org/ivy/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmNk8ecACgkQohFa4V9ri3KZ5wCgqMKXyK
Description:
When reading a specially crafted TAR archive an Apache Ant build can be made to
allocate large amounts of memory that finally leads to an out of memory error,
even for small inputs. This can be used to disrupt builds using Apache Ant.
Mitigation:
Apache Ant 1.9.x users should
Description:
When reading a specially crafted ZIP archive, or a derived formats, an Apache
Ant build can be made to allocate large amounts of memory that leads to an out
of memory error, even for small inputs. This can be used to disrupt builds
using Apache Ant.
Commonly used derived formats
://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmDty0UACgkQohFa4V9ri3J/fACcDdV5LR1N/2Jrb8jNn/eZmwYq
e/MAoM8OvDCeEYH76QbDWJYVfnE1raI3
=D8Oy
-END PGP SIGNATURE-
Severity: low
Description:
When reading a specially crafted 7Z archive, the construction of the list of
codecs that decompress an entry can result in an infinite loop. This could be
used to mount a denial of service attack against services that use Compress'
sevenz package.
Mitigation:
Severity: low
Description:
When reading a specially crafted 7Z archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress'
Description:
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
Description:
When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.21.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
.
BugZilla Issue 65315
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2020-11979: Apache Ant insecure temporary file vulnerability
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Ant 1.10.8
Description:
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the
permissions
tempdir as soon as a temporary file is created for the first time,
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
https://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant
o submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
https://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAl68IIoACgkQohFa4V9ri3IYIQCgy9n0AdDobpZVte08jT27ndPj
HqsAnRHHrPk1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2020-1945: Apache Ant insecure temporary file vulnerability
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7
Description:
Apache Ant uses the default temporary directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.20.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
://commons.apache.org/proper/commons-compress/security-reports.html
Stefan Bodewig
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAl1lgKIACgkQohFa4V9ri3IsSwCg0tYlFA5WXy6EuHFtRjsbVofR
WjAAn2uNwEELGpIR2JiRO+jEAyxQJZvV
=Ds0n
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Re-Sending with fixed subject, sorry]
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.19.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2018-11771: Apache Commons Compress 1.7 to 1.17 denial of service
vulnerability
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Compress 1.7 to 1.17
Description:
When reading a specially crafted ZIP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.18.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
in LogCapturer.
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP
complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Ant website:
http://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFA
, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlsUJ8cACgkQohFa4V9ri3Jt0ACgxxCmC8KTY+GAK3FWGtwga/bZ
CVE-2018-1324: Apache Commons Compress denial of service vulnerability
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Compress 1.11 to 1.15
Description:
A specially crafted ZIP archive can be used to cause an infinite loop
inside of Compress' extra field
/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlp++c4ACgkQohFa4V9ri3ITDQCgnxr2jMWoIfvfXXUPLJ5zCuYp
8SsAn389h66E2zJL+xq8ualWDSWew/HH
=SaGD
-END PGP SIGNATURE-
ggestions for improvement,
see the Apache Ant website:
http://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlp6jS4ACgkQohFa4V9ri3LrtgCbB1+RJqXEi2STfh+XOIKI3+yS
/tEAn28n+AlbgTHDqDD4Kl2aG6QY+78k
=7fws
-END PGP SIGNATURE-
and can now also be used to preserve the
drive letter on Windows.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig
MPRESS-409.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Email 1.0 to 1.4.
Description:
When a call-site passes a subject for an email that
il website:
http://commons.apache.org/email/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlmAyFMACgkQohFa4V9ri3J+kACcDuO7+0echoLLZPDglWkot2FD
FlIAoJ5Lu12NRpmnnl6tVAP3qS8MK513
=t6js
-END PGP SIGNATURE-
downloading the release.
For complete information on the Compress Antlib, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache
Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 2.0.8. The release is available for download at
https://logging.apache.org/log4net/download_log4net.cgi
as well as via nuget
quot;fixed" script should work in most cases but will not preserve
newlines present in command line arguments.
Bugzilla Report 60562
For complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Ant website:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 2.0.7. The release is available for download at
https://logging.apache.org/log4net/download_log4net.cgi
as well as via nuget
curityManager is active.
Bugzilla Report 60060
* support for javac's --release switch introduced with Java9 has been
added.
Bugzilla Report 60172
For complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache An
instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 2.0.6. The release is available for download at
https://logging.apache.org/log4net/download_log4net.cgi
as well as via nuget
that relied
on the finalizer.
Issue: COMPRESS-357.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Ant Team is pleased to announce the release of Apache Ant
1.9.7.
Version 1.9.7 is mostly a bug fix release but adds a few new features
like support for arbitrary filesyste resources in and initial
support for Java9 modules.
Apache Ant is
directory.
Issue: COMPRESS-321.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 1.2.15. The release is available for download at
http://logging.apache.org/log4net/download_log4net.cgi
The Apache log4net library is a tool to help the programmer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 1.2.14. The release is available for download at
http://logging.apache.org/log4net/download.html
The Apache log4net library is a tool to help the programmer output
. Thanks to Damjan Jovanovic.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons
, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlQ4Bi0ACgkQohFa4V9ri3JTfgCePodWpLt1EAh0S0qPfl0IN3sC
The dependency on org.tukaani:xz is now marked as optional.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf
.
For complete information on the AntUnit, including instructions on how
to submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
http://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version
Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlMhRewACgkQohFa4V9ri3JILACgqpPksDdKQPHq+U9gAQ2yZYTA
OqcAnRQcpMPZT6mFHchKTUGkYzzCsw/i
=NgWC
-END PGP
://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
[1] http://tukaani.org/xz/java.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlLpJNcACgkQohFa4V9ri3JrHACdElul/r5gvOCXpLWUSr5pmfw1
kZkAoOPVQNtZ4AeQCIC8+HsRlO+bAb1E
=6yZX
-END
information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version
.
For complete information on log4net, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache log4net website:
http://logging.apache.org/log4net/
Stefan Bodewig on behalf of the log4net community
-BEGIN PGP SIGNATURE-
Version: GnuPG
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
[1] http://tukaani.org/xz/java.html
-BEGIN PGP SIGNATURE-
Version: GnuPG
BEHR.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN
the release.
For complete information on log4net, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache log4net website:
http://logging.apache.org/log4net/
Stefan Bodewig on behalf of the log4net community
-BEGIN PGP SIGNATURE-
Version
the release.
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
http://ant.apache.org/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG
http://ant.apache.org/security.html
Stefan Bodewig
pgpG5pqcxtOWc.pgp
Description: PGP signature
.
For complete information on the Compress Antlib, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
[1] http
.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
[1] http
downloading the release.
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
http://ant.apache.org/index.html
Stefan Bodewig, on behalf of the Apache Ant community
pgptOFf6eF9Qx.pgp
Description
a reflection of the completeness or stability of
the code, it does indicate that the project has yet to be fully endorsed by
the ASF.
Stefan Bodewig, on behalf of the Apache RAT community
pgpJr20KelC8v.pgp
Description: PGP signature
on the Compress Antlib, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
pgpP19BDIBHIc.pgp
Description: PGP
Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Ant team is proud to announce the first release of the compress Ant
library.
The compress Ant library[1] is a library of tasks and types that use
Apache Commons Compress[2] to read and write AR, CPIO, TAR and ZIP
archives as well as BZIP2 and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Ant Team is proud to announce that version 1.7.1 has been
released and is available as source[1] and binary[2] archives now.
Ant 1.7.1 is mostly a bug fix release which addresses numerous issues
found in Ant 1.7.0 released in December
feedback to the Ant mailing lists and report bugs in
Ant's Bugzilla issue tracker.
Stefan Bodewig
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/
iD8DBQFFB4bEohFa4V9ri3IRAs4gAJwKJ8BCcxOdpdrFT36gaJIhvyI2UQCbBDPL
69 matches
Mail list logo