Hi Ashish

On 2022-02-02, Ashish Verma V wrote:

> We are using "maven-antrun-plugin" that internally uses apache ant.
> Recently high severity vulnerability
> (CVE-2020-11979<https://ant.apache.org/security.html>) is observed
> specific to apache ant
> Kindly let us know the plan to take the latest ant version to fix this
> vulnerability.

The maven antrun plugin is not maintained by the Apache Ant project, but by the Apache Maven project[1]. You may want to ask over there.

It is possible that Maven configures the temporary directory for the antrun plugin in a totally different way and thus the plugin is not affected by the vulnerability. But I am by no means an expert for the antrun plugin and you really should ask over in Maven land to see whether it is affected or not.

Please note the CVE we are talking about was published more than a year ago.

Cheers

Stefan

[1] https://maven.apache.org/plugins/maven-antrun-plugin/