[
https://issues.apache.org/jira/browse/ARCHETYPE-645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sylwester Lachiewicz updated ARCHETYPE-645:
-------------------------------------------
Description:
Key features of this 2.5.1 release are:
* Ivy now requires a minimum of Java 8 runtime.
* Fixes two Security Vulnerabilities, see [the scurity
page|https://ant.apache.org/ivy/security.html] for details.
For details about the following changes, check our JIRA install at
https://issues.apache.org/jira/browse/IVY
*List of changes since Ivy 2.5.0:*
* BREAKING: Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition file
(IVY-1612)
* FIX: ResolveEngine resets dictator resolver to null in the global
configuration (IVY-1618)
* FIX: ConcurrentModificationException in MessageLoggerHelper.sumupProblems
(IVY-1628)
* FIX: useOrigin="true" fails with file-based ibiblio (IVY-1616)
* FIX: ivy:retrieve Ant task didn’t create an empty fileset when no files were
retrieved to a non-empty directory (IVY-1631)
* FIX: ivy:retrieve Ant task relied on the default HTTP header "Accept" which
caused problems with servers that interpret it strictly (e.g. AWS CodeArtifact)
(IVY-1632)
* IMPROVEMENT: Ivy command now accepts a URL for the -settings option
(IVY-1615)
* FIX: CVE-2022-37865 allow create/overwrite any file on the system (see
[https://ant.apache.org/ivy/security.html])
* FIX: CVE-2022-37866 Path traversal in patterns (see
[https://ant.apache.org/ivy/security.html])
[https://ant.apache.org/ivy/history/2.5.1/release-notes.html]
> Bump ivy from 2.5.0 to 2.5.1
> ----------------------------
>
> Key: ARCHETYPE-645
> URL: https://issues.apache.org/jira/browse/ARCHETYPE-645
> Project: Maven Archetype
> Issue Type: Dependency upgrade
> Reporter: Sylwester Lachiewicz
> Priority: Major
> Fix For: 3.2.2
>
>
> Key features of this 2.5.1 release are:
> * Ivy now requires a minimum of Java 8 runtime.
> * Fixes two Security Vulnerabilities, see [the scurity
> page|https://ant.apache.org/ivy/security.html] for details.
>
> For details about the following changes, check our JIRA install at
> https://issues.apache.org/jira/browse/IVY
> *List of changes since Ivy 2.5.0:*
> * BREAKING: Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition
> file (IVY-1612)
> * FIX: ResolveEngine resets dictator resolver to null in the global
> configuration (IVY-1618)
> * FIX: ConcurrentModificationException in MessageLoggerHelper.sumupProblems
> (IVY-1628)
> * FIX: useOrigin="true" fails with file-based ibiblio (IVY-1616)
> * FIX: ivy:retrieve Ant task didn’t create an empty fileset when no files
> were retrieved to a non-empty directory (IVY-1631)
> * FIX: ivy:retrieve Ant task relied on the default HTTP header "Accept"
> which caused problems with servers that interpret it strictly (e.g. AWS
> CodeArtifact) (IVY-1632)
> * IMPROVEMENT: Ivy command now accepts a URL for the -settings option
> (IVY-1615)
> * FIX: CVE-2022-37865 allow create/overwrite any file on the system (see
> [https://ant.apache.org/ivy/security.html])
> * FIX: CVE-2022-37866 Path traversal in patterns (see
> [https://ant.apache.org/ivy/security.html])
> [https://ant.apache.org/ivy/history/2.5.1/release-notes.html]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
