feedback to the Ant mailing lists and report bugs in
Ant's Bugzilla issue tracker.
Stefan Bodewig
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/
iD8DBQFFB4bEohFa4V9ri3IRAs4gAJwKJ8BCcxOdpdrFT36gaJIhvyI2UQCbBDPL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Ant Team is proud to announce that version 1.7.1 has been
released and is available as source[1] and binary[2] archives now.
Ant 1.7.1 is mostly a bug fix release which addresses numerous issues
found in Ant 1.7.0 released in December
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Ant team is proud to announce the first release of the compress Ant
library.
The compress Ant library[1] is a library of tasks and types that use
Apache Commons Compress[2] to read and write AR, CPIO, TAR and ZIP
archives as well as BZIP2 and
Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
on the Compress Antlib, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
pgpP19BDIBHIc.pgp
Description: PGP
a reflection of the completeness or stability of
the code, it does indicate that the project has yet to be fully endorsed by
the ASF.
Stefan Bodewig, on behalf of the Apache RAT community
pgpJr20KelC8v.pgp
Description: PGP signature
downloading the release.
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
http://ant.apache.org/index.html
Stefan Bodewig, on behalf of the Apache Ant community
pgptOFf6eF9Qx.pgp
Description
.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
[1] http
.
For complete information on the Compress Antlib, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
[1] http
http://ant.apache.org/security.html
Stefan Bodewig
pgpG5pqcxtOWc.pgp
Description: PGP signature
the release.
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
http://ant.apache.org/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG
the release.
For complete information on log4net, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache log4net website:
http://logging.apache.org/log4net/
Stefan Bodewig on behalf of the log4net community
-BEGIN PGP SIGNATURE-
Version
BEHR.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
[1] http://tukaani.org/xz/java.html
-BEGIN PGP SIGNATURE-
Version: GnuPG
.
For complete information on log4net, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache log4net website:
http://logging.apache.org/log4net/
Stefan Bodewig on behalf of the log4net community
-BEGIN PGP SIGNATURE-
Version: GnuPG
information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version
://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache Ant community
[1] http://tukaani.org/xz/java.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlLpJNcACgkQohFa4V9ri3JrHACdElul/r5gvOCXpLWUSr5pmfw1
kZkAoOPVQNtZ4AeQCIC8+HsRlO+bAb1E
=6yZX
-END
Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlMhRewACgkQohFa4V9ri3JILACgqpPksDdKQPHq+U9gAQ2yZYTA
OqcAnRQcpMPZT6mFHchKTUGkYzzCsw/i
=NgWC
-END PGP
The dependency on org.tukaani:xz is now marked as optional.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf
.
For complete information on the AntUnit, including instructions on how
to submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
http://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version
, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAlQ4Bi0ACgkQohFa4V9ri3JTfgCePodWpLt1EAh0S0qPfl0IN3sC
. Thanks to Damjan Jovanovic.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 1.2.14. The release is available for download at
http://logging.apache.org/log4net/download.html
The Apache log4net library is a tool to help the programmer output
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 1.2.15. The release is available for download at
http://logging.apache.org/log4net/download_log4net.cgi
The Apache log4net library is a tool to help the programmer
that relied
on the finalizer.
Issue: COMPRESS-357.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Ant Team is pleased to announce the release of Apache Ant
1.9.7.
Version 1.9.7 is mostly a bug fix release but adds a few new features
like support for arbitrary filesyste resources in and initial
support for Java9 modules.
Apache Ant is
directory.
Issue: COMPRESS-321.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons
quot;fixed" script should work in most cases but will not preserve
newlines present in command line arguments.
Bugzilla Report 60562
For complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Ant website:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 2.0.7. The release is available for download at
https://logging.apache.org/log4net/download_log4net.cgi
as well as via nuget
curityManager is active.
Bugzilla Report 60060
* support for javac's --release switch introduced with Java9 has been
added.
Bugzilla Report 60172
For complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache An
instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 2.0.6. The release is available for download at
https://logging.apache.org/log4net/download_log4net.cgi
as well as via nuget
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache log4net team is pleased to announce the release of Apache
log4net 2.0.8. The release is available for download at
https://logging.apache.org/log4net/download_log4net.cgi
as well as via nuget
il website:
http://commons.apache.org/email/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlmAyFMACgkQohFa4V9ri3J+kACcDuO7+0echoLLZPDglWkot2FD
FlIAoJ5Lu12NRpmnnl6tVAP3qS8MK513
=t6js
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Email 1.0 to 1.4.
Description:
When a call-site passes a subject for an email that
Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
downloading the release.
For complete information on the Compress Antlib, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Compress Antlib website:
http://ant.apache.org/antlibs/compress/index.html
Stefan Bodewig, on behalf of the Apache
MPRESS-409.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP
, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlsUJ8cACgkQohFa4V9ri3Jt0ACgxxCmC8KTY+GAK3FWGtwga/bZ
complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Ant website:
http://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFA
in LogCapturer.
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP
and can now also be used to preserve the
drive letter on Windows.
For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:
http://commons.apache.org/compress/
Stefan Bodewig
ggestions for improvement,
see the Apache Ant website:
http://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlp6jS4ACgkQohFa4V9ri3LrtgCbB1+RJqXEi2STfh+XOIKI3+yS
/tEAn28n+AlbgTHDqDD4Kl2aG6QY+78k
=7fws
-END PGP SIGNATURE-
/
Stefan Bodewig, on behalf of the Apache Commons community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAlp++c4ACgkQohFa4V9ri3ITDQCgnxr2jMWoIfvfXXUPLJ5zCuYp
8SsAn389h66E2zJL+xq8ualWDSWew/HH
=SaGD
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2018-11771: Apache Commons Compress 1.7 to 1.17 denial of service
vulnerability
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Compress 1.7 to 1.17
Description:
When reading a specially crafted ZIP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.18.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
CVE-2018-1324: Apache Commons Compress denial of service vulnerability
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Commons Compress 1.11 to 1.15
Description:
A specially crafted ZIP archive can be used to cause an infinite loop
inside of Compress' extra field
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Re-Sending with fixed subject, sorry]
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.19.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include:
://commons.apache.org/proper/commons-compress/security-reports.html
Stefan Bodewig
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAl1lgKIACgkQohFa4V9ri3IsSwCg0tYlFA5WXy6EuHFtRjsbVofR
WjAAn2uNwEELGpIR2JiRO+jEAyxQJZvV
=Ds0n
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.20.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2020-1945: Apache Ant insecure temporary file vulnerability
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7
Description:
Apache Ant uses the default temporary directory
o submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
https://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAl68IIoACgkQohFa4V9ri3IYIQCgy9n0AdDobpZVte08jT27ndPj
HqsAnRHHrPk1
tempdir as soon as a temporary file is created for the first time,
For complete information on Ant, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ant
website:
https://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2020-11979: Apache Ant insecure temporary file vulnerability
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Ant 1.10.8
Description:
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the
permissions
.
BugZilla Issue 65315
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN
Description:
When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
Description:
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
Severity: low
Description:
When reading a specially crafted 7Z archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress'
Severity: low
Description:
When reading a specially crafted 7Z archive, the construction of the list of
codecs that decompress an entry can result in an infinite loop. This could be
used to mount a denial of service attack against services that use Compress'
sevenz package.
Mitigation:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.21.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
Description:
When reading a specially crafted ZIP archive, or a derived formats, an Apache
Ant build can be made to allocate large amounts of memory that leads to an out
of memory error, even for small inputs. This can be used to disrupt builds
using Apache Ant.
Commonly used derived formats
Description:
When reading a specially crafted TAR archive an Apache Ant build can be made to
allocate large amounts of memory that finally leads to an out of memory error,
even for small inputs. This can be used to disrupt builds using Apache Ant.
Mitigation:
Apache Ant 1.9.x users should
://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmDty0UACgkQohFa4V9ri3J/fACcDdV5LR1N/2Jrb8jNn/eZmwYq
e/MAoM8OvDCeEYH76QbDWJYVfnE1raI3
=D8Oy
-END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Severity: moderate
Affected versions:
- - Apache Ivy 1.0.0 through 2.5.1
Description:
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind
XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This
the Apache Ivy
website:
https://ant.apache.org/ivy/
Stefan Bodewig, on behalf of the Apache Ant community
Severity: medium
Description:
With Apache Ivy 2.4.0 an optional packaging attribute has been
introduced that allows artifacts to be unpacked on the fly if they used
pack200 or zip packaging.
For artifacts using the "zip", "jar" or "war" packaging Ivy prior to
2.5.1 doesn't verify the target
on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ivy
website:
https://ant.apache.org/ivy/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmNk8ecACgkQohFa4V9ri3KZ5wCgqMKXyK
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Severity: medium
Description:
When Apache Ivy downloads artifacts from a repository it stores them in
the local file system based on a user-supplied "pattern" that may
include placeholders for artifacts coordinates like the organisation,
module or
community grow around IvyDE, the subproject could be
reactivated[3].
We want to thank the people who created or contributed to IvyDE over the
years.
Stefan Bodewig on behalf of the Ant PMC.
[1] https://lists.apache.org/thread/wo32q8s8o8z9m126gz3m533q2fnqq21o
[2]
https://ant.apache.org/processes.html
69 matches
Mail list logo
