Author: bodewig Date: Wed May 13 16:26:21 2020 New Revision: 1877701 URL: http://svn.apache.org/viewvc?rev=1877701&view=rev Log: announce releases
Modified: ant/site/ant/production/antnews.html ant/site/ant/production/bindownload.html ant/site/ant/production/faq.html ant/site/ant/production/index.html ant/site/ant/production/manual-1.9.x/running.html ant/site/ant/production/manual/running.html ant/site/ant/production/manualdownload.html ant/site/ant/production/security.html ant/site/ant/production/srcdownload.html ant/site/ant/sources/antnews.xml ant/site/ant/sources/bindownload.xml ant/site/ant/sources/faq.xml ant/site/ant/sources/index.xml ant/site/ant/sources/manualdownload.xml ant/site/ant/sources/security.xml ant/site/ant/sources/srcdownload.xml Modified: ant/site/ant/production/antnews.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/antnews.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/antnews.html (original) +++ ant/site/ant/production/antnews.html Wed May 13 16:26:21 2020 @@ -227,6 +227,27 @@ <div class="content"> <h1 class="title">Apache Ant™ Project News</h1> <h3 class="section"> + <a name="Apache Ant 1.9.15 and 1.10.8"></a> + Apache Ant 1.9.15 and 1.10.8 + </h3> + <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> + <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or + binary from + <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> + <p>The Apache Ant team currently maintains two lines of + development. The 1.9.x releases require Java5 at runtime and 1.10.x + requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and + the 1.9.x releases are mostly bug fix releases while additional new + features are developed for 1.10.x. We recommend using 1.10.x unless + you are required to use versions of Java prior to Java8 during the + build process.</p> + <p>Ant 1.10.8 contains a superset of 1.9.15 - with the exception of + a few tasks and features that no longer work with Java8 anyway + (like the <code>apt</code> task).</p> + <p>Both releases address a insecure temporary file vulnerability + vulnerability, see the <a href="./security.html">security + report</a> for details.</p> + <h3 class="section"> <a name="Apache Ant 1.10.7"></a> Apache Ant 1.10.7 </h3> Modified: ant/site/ant/production/bindownload.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/bindownload.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/bindownload.html (original) +++ ant/site/ant/production/bindownload.html Wed May 13 16:26:21 2020 @@ -275,13 +275,13 @@ Other mirrors: <select name="Preferred"> features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.14 and 1.10.7 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.7 has been released on -5-Sep-2019 and may not be available on all mirrors for a few +<div class="content">Ant 1.10.8 and 1.9.15 have been released on +13-May-2020 and may not be available on all mirrors for a few days.</div> </div> <br /> @@ -291,50 +291,50 @@ days.</div> require gnu tar to do the extraction.</div> </div> <h3 class="section"> - <a name="1.9.14 release - requires minimum of Java 5 at runtime"></a> - 1.9.14 release - requires minimum of Java 5 at runtime + <a name="1.9.15 release - requires minimum of Java 5 at runtime"></a> + 1.9.15 release - requires minimum of Java 5 at runtime </h3> <ul> - <li>1.9.14 <code>.zip</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.9.14-bin.zip">apache-ant-1.9.14-bin.zip</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.zip.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.9.14-bin.tar.gz">apache-ant-1.9.14-bin.tar.gz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.gz.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.9.14-bin.tar.bz2">apache-ant-1.9.14-bin.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.bz2.sha512">SHA512</a>] + <li>1.9.15 <code>.zip</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.9.15-bin.zip">apache-ant-1.9.15-bin.zip</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.zip.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.9.15-bin.tar.gz">apache-ant-1.9.15-bin.tar.gz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.gz.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.9.15-bin.tar.bz2">apache-ant-1.9.15-bin.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.bz2.sha512">SHA512</a>] </li> </ul> <h3 class="section"> - <a name="1.10.7 release - requires minimum of Java 8 at runtime"></a> - 1.10.7 release - requires minimum of Java 8 at runtime + <a name="1.10.8 release - requires minimum of Java 8 at runtime"></a> + 1.10.8 release - requires minimum of Java 8 at runtime </h3> <ul> - <li>1.10.7 <code>.zip</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.zip">apache-ant-1.10.7-bin.zip</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.zip.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.tar.gz">apache-ant-1.10.7-bin.tar.gz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.tar.bz2">apache-ant-1.10.7-bin.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.tar.xz">apache-ant-1.10.7-bin.tar.xz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.xz.sha512">SHA512</a>] + <li>1.10.8 <code>.zip</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.zip">apache-ant-1.10.8-bin.zip</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.gz">apache-ant-1.10.8-bin.tar.gz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.bz2">apache-ant-1.10.8-bin.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.xz">apache-ant-1.10.8-bin.tar.xz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.sha512">SHA512</a>] </li> </ul> <h3 class="section"> @@ -358,17 +358,17 @@ directory</a>, rather than from a mirror using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.7-bin.tar.gz.asc<br /> +% pgpv apache-ant-1.10.8-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.7-bin.tar.gz.asc<br /> +% pgp apache-ant-1.10.8-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.7-bin.tar.gz.asc +% gpg --verify apache-ant-1.10.8-bin.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> is also available for Windows users. Follow the Modified: ant/site/ant/production/faq.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/faq.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/faq.html (original) +++ ant/site/ant/production/faq.html Wed May 13 16:26:21 2020 @@ -939,6 +939,16 @@ <tr> <td colspan="1" rowspan="1" valign="top" align="left"> + 1.9.15 + </td> + <td colspan="1" rowspan="1" + valign="top" align="left"> + 13 May 2020 + </td> + </tr> + <tr> + <td colspan="1" rowspan="1" + valign="top" align="left"> 1.10.0 </td> <td colspan="1" rowspan="1" @@ -1006,6 +1016,16 @@ 5 Sep 2019 </td> </tr> + <tr> + <td colspan="1" rowspan="1" + valign="top" align="left"> + 1.10.8 + </td> + <td colspan="1" rowspan="1" + valign="top" align="left"> + 13 May 2020 + </td> + </tr> </table> <p class="faq"> <a name="java-version"></a> Modified: ant/site/ant/production/index.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/index.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/index.html (original) +++ ant/site/ant/production/index.html Wed May 13 16:26:21 2020 @@ -250,11 +250,11 @@ the <a href="https://www.apache.org/">Apache Software Foundation</a>.</p> <h3 class="section"> - <a name="Apache Ant 1.10.7"></a> - Apache Ant 1.10.7 + <a name="Apache Ant 1.9.15 and 1.10.8"></a> + Apache Ant 1.9.15 and 1.10.8 </h3> - <h3>Sep 5, 2019 - Apache Ant 1.10.7 Released</h3> - <p>Apache Ant 1.10.7 is now available for download as source or + <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> + <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or binary from <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> <p>The Apache Ant team currently maintains two lines of @@ -264,82 +264,12 @@ features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Ant 1.10.7 is mainly a bug fix release with few minor enhancements. - This release includes a major regression fix, which prevented the - previous 1.10.6 release to be unusable on Java 8 runtimes. - Among the enhancements, the junitlauncher task now allows including - or excluding JUnit 5 "tags" during test execution. - </p> - <h3 class="section"> - <a name="Apache Ant 1.10.6"></a> - Apache Ant 1.10.6 - </h3> - <h3>May 8, 2019 - Apache Ant 1.10.6 Released</h3> - <p>Apache Ant 1.10.6 is now available for download as source or - binary from - <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> - <p>The Apache Ant team currently maintains two lines of - development. The 1.9.x releases require Java5 at runtime and 1.10.x - requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and - the 1.9.x releases are mostly bug fix releases while additional new - features are developed for 1.10.x. We recommend using 1.10.x unless - you are required to use versions of Java prior to Java8 during the - build process.</p> - <p>Ant 1.10.6 consists several bug fixes as well as enhancements, - including, but not limited to: - <ul> - <li> - <code>junitlauncher</code> task now supports <code>fork</code> - mode, to launch the tests in a forked JVM. - </li> - <li> - New tasks <code>jmod</code> and <code>link</code> have been - introduced to support <code>jmod</code> and <code>jlink</code> - tools of JDK 9+. - </li> - </ul> - </p> - <h3 class="section"> - <a name="Apache Ant 1.9.14"></a> - Apache Ant 1.9.14 - </h3> - <h3>March 17, 2019 - Apache Ant 1.9.14 Released</h3> - <p>Apache Ant 1.9.14 is now available for download as source or - binary from - <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> - <p>The Apache Ant team currently maintains two lines of - development. The 1.9.x releases require Java5 at runtime and 1.10.x - requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and - the 1.9.x releases are mostly bug fix releases while additional new - features are developed for 1.10.x. We recommend using 1.10.x unless - you are required to use versions of Java prior to Java8 during the - build process.</p> - <p>Ant 1.9.14 mainly consists of bug fixes and some enhancements in - the <code>signjar</code> and <code>verifyjar</code> tasks</p> - <h3 class="section"> - <a name="Apache Ant 1.9.13 and 1.10.5"></a> - Apache Ant 1.9.13 and 1.10.5 - </h3> - <h3>Jul 13, 2018 - Apache Ant 1.9.13 and 1.10.5 Released</h3> - <p>Apache Ant 1.9.13 and 1.10.5 are now available for download as source or - binary from - <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> - <p>The Apache Ant team currently maintains two lines of - development. The 1.9.x releases require Java5 at runtime and 1.10.x - requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and - the 1.9.x releases are mostly bug fix releases while additional new - features are developed for 1.10.x. We recommend using 1.10.x unless - you are required to use versions of Java prior to Java8 during the - build process.</p> - <p>Ant 1.10.5 contains a superset of 1.9.13 - with the exception of + <p>Ant 1.10.8 contains a superset of 1.9.15 - with the exception of a few tasks and features that no longer work with Java8 anyway (like the <code>apt</code> task).</p> - <p>Both releases fix a regression in the <code>get</code> task and - a bug inside the path traversal protection of the unarchiving - tasks that was introduced with 1.9.12 and 1.10.4 - respectively.</p> - <p>Ant 1.10.5's <code>java</code> task adds support for the single - file source execution feature introduced with Java 11.</p> + <p>Both releases address a insecure temporary file vulnerability + vulnerability, see the <a href="./security.html">security + report</a> for details.</p> <h3 class="section"> <a name="Apache AntUnit 1.4"></a> Apache AntUnit 1.4 @@ -430,7 +360,7 @@ Documentation </h3> <p> -You can view the documentation for the current release (Apache Ant 1.10.5) +You can view the documentation for the current release (Apache Ant 1.10.8) <a href="manual/index.html">online</a> </p> <p> Modified: ant/site/ant/production/manual-1.9.x/running.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/manual-1.9.x/running.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/manual-1.9.x/running.html (original) +++ ant/site/ant/production/manual-1.9.x/running.html Wed May 13 16:26:21 2020 @@ -553,8 +553,8 @@ on the platform and the JVM implementati <p><b>Security Note:</b> Using the default temporary directory specified by <code>java.io.tmpdir</code> can result in the leakage of -sensitive information or possibly allow an attacker to execute -arbitrary code. This is especially true in multi-user environments. It +sensitive information or possibly allow an attacker to inject source +files into the build process. This is especially true in multi-user is recommended that <code>ant.tmpdir</code> be set to a directory owned by the user running Ant with 0700 permissions.</p> Modified: ant/site/ant/production/manual/running.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/manual/running.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/manual/running.html (original) +++ ant/site/ant/production/manual/running.html Wed May 13 16:26:21 2020 @@ -525,11 +525,11 @@ on the platform and the JVM implementati <p><b>Security Note:</b> Using the default temporary directory specified by <code>java.io.tmpdir</code> can result in the leakage of -sensitive information or possibly allow an attacker to execute -arbitrary code. This is especially true in multi-user environments. It -is recommended that <code>ant.tmpdir</code> be set to a directory -owned by the user running Ant with 0700 permissions. Ant 1.10.8 and -later will try to make temporary files created by it only +sensitive information or possibly allow an attacker to inject source +files into the build process. This is especially true in multi-user +environments. It is recommended that <code>ant.tmpdir</code> be set to +a directory owned by the user running Ant with 0700 permissions. Ant +1.10.8 and later will try to make temporary files created by it only readable/writable by the current user but may silently fail to do so depending on the OS and filesystem.</p> Modified: ant/site/ant/production/manualdownload.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/manualdownload.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/manualdownload.html (original) +++ ant/site/ant/production/manualdownload.html Wed May 13 16:26:21 2020 @@ -269,13 +269,13 @@ Other mirrors: <select name="Preferred"> features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.14 and 1.10.7 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.7 has been released on -5-Sep-2019 and may not be available on all mirrors for a few +<div class="content">Ant 1.10.8 and 1.9.15 have been released on +13-May-2020 and may not be available on all mirrors for a few days.</div> </div> <br /> @@ -285,50 +285,50 @@ days.</div> require gnu tar to do the extraction.</div> </div> <h3 class="section"> - <a name="1.9.14 release - requires minimum of Java 5 at runtime"></a> - 1.9.14 release - requires minimum of Java 5 at runtime + <a name="1.9.15 release - requires minimum of Java 5 at runtime"></a> + 1.9.15 release - requires minimum of Java 5 at runtime </h3> <ul> - <li>1.9.14 <code>.zip</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.9.14-manual.zip">apache-ant-1.9.14-manual.zip</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.zip.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.9.14-manual.tar.gz">apache-ant-1.9.14-manual.tar.gz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.gz.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.9.14-manual.tar.bz2">apache-ant-1.9.14-manual.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.bz2.sha512">SHA512</a>] + <li>1.9.15 <code>.zip</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.9.15-manual.zip">apache-ant-1.9.15-manual.zip</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.zip.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.9.15-manual.tar.gz">apache-ant-1.9.15-manual.tar.gz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.gz.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.9.15-manual.tar.bz2">apache-ant-1.9.15-manual.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.bz2.sha512">SHA512</a>] </li> </ul> <h3 class="section"> - <a name="1.10.7 release - requires minimum of Java 8 at runtime"></a> - 1.10.7 release - requires minimum of Java 8 at runtime + <a name="1.10.8 release - requires minimum of Java 8 at runtime"></a> + 1.10.8 release - requires minimum of Java 8 at runtime </h3> <ul> - <li>1.10.7 <code>.zip</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.zip">apache-ant-1.10.7-manual.zip</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.zip.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.tar.gz">apache-ant-1.10.7-manual.tar.gz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.tar.bz2">apache-ant-1.10.7-manual.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.tar.xz">apache-ant-1.10.7-manual.tar.xz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.xz.sha512">SHA512</a>] + <li>1.10.8 <code>.zip</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.zip">apache-ant-1.10.8-manual.zip</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.gz">apache-ant-1.10.8-manual.tar.gz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.bz2">apache-ant-1.10.8-manual.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.xz">apache-ant-1.10.8-manual.tar.xz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.sha512">SHA512</a>] </li> </ul> <h3 class="section"> @@ -352,17 +352,17 @@ directory</a>, rather than from a mirror using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.7-manual.tar.gz.asc<br /> +% pgpv apache-ant-1.10.8-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.7-manual.tar.gz.asc<br /> +% pgp apache-ant-1.10.8-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.7-manual.tar.gz.asc +% gpg --verify apache-ant-1.10.8-manual.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> is also available for Windows users. Follow the Modified: ant/site/ant/production/security.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/security.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/security.html (original) +++ ant/site/ant/production/security.html Wed May 13 16:26:21 2020 @@ -265,6 +265,34 @@ the descriptions here are incomplete, please report them privately to the Apache Security Team. Thank you.</p> <h4 class="subsection"> + <a name="Fixed in Apache Ant 1.10.8"></a> + Fixed in Apache Ant 1.10.8 + </h4> + <p><b>Medium: insecure temporary file vulnerability</b> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945">CVE-2020-1945</a></p> + <p>Apache Ant uses the default temporary directory + identified by the Java system property + <code>java.io.tmpdir</code> for several tasks and may thus + leak sensitive information. The fixcrlf and replaceregexp + tasks also copy files from the temporary directory back into + the build tree allowing an attacker to inject modified + source files into the build process.</p> + <p><b>Mitigation:</b> Ant users of versions 1.1 to 1.9.14 + and 1.10.0 to 1.10.7 should set the java.io.tmpdir system + property to point to a directory only readable and writable + by the current user prior to running Ant.</p> + <p>Users of versions 1.9.15 and 1.10.8 can use the Ant + property <code>ant.tmpfile</code> instead. Users of Ant + 1.10.8 can rely on Ant protecting the temporary files if the + underlying filesystem allows it, but we still recommend + using a private temporary directory instead.</p> + <p>This was fixed in revisions + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=9c1f4d905da59bf446570ac28df5b68a37281f35">9c1f4d905da59bf446570ac28df5b68a37281f35</a>, + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=041b058c7bf10a94d56db3ca9dba38cf90ab9943">041b058c7bf10a94d56db3ca9dba38cf90ab9943</a> and + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=a8645a151bc706259fb1789ef587d05482d98612">a8645a151bc706259fb1789ef587d05482d98612</a>.</p> + <p>This was first reported to the Security Team on 29 + January 2020 and made public on 13 May 2020</p> + <p>Affects: until 1.10.7</p> + <h4 class="subsection"> <a name="Fixed in Apache Ant 1.9.10 / Ant 1.10.2"></a> Fixed in Apache Ant 1.9.10 / Ant 1.10.2 </h4> Modified: ant/site/ant/production/srcdownload.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/srcdownload.html?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/production/srcdownload.html (original) +++ ant/site/ant/production/srcdownload.html Wed May 13 16:26:21 2020 @@ -273,13 +273,13 @@ Other mirrors: <select name="Preferred"> features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.14 and 1.10.7 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.7 has been released on -5-Sep-2019 and may not be available on all mirrors for a few +<div class="content">Ant 1.10.8 and 1.9.15 have been released on +13-May-2020 and may not be available on all mirrors for a few days.</div> </div> <br /> @@ -289,50 +289,50 @@ days.</div> require gnu tar to do the extraction.</div> </div> <h3 class="section"> - <a name="1.9.14 release - requires minimum of Java 5 at runtime"></a> - 1.9.14 release - requires minimum of Java 5 at runtime + <a name="1.9.15 release - requires minimum of Java 5 at runtime"></a> + 1.9.15 release - requires minimum of Java 5 at runtime </h3> <ul> - <li>1.9.14 <code>.zip</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.9.14-src.zip">apache-ant-1.9.14-src.zip</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.zip.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.9.14-src.tar.gz">apache-ant-1.9.14-src.tar.gz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.gz.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.9.14-src.tar.bz2">apache-ant-1.9.14-src.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.bz2.sha512">SHA512</a>] + <li>1.9.15 <code>.zip</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.9.15-src.zip">apache-ant-1.9.15-src.zip</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.zip.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.9.15-src.tar.gz">apache-ant-1.9.15-src.tar.gz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.gz.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.9.15-src.tar.bz2">apache-ant-1.9.15-src.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.bz2.sha512">SHA512</a>] </li> </ul> <h3 class="section"> - <a name="1.10.7 release - requires minimum of Java 8 at runtime"></a> - 1.10.7 release - requires minimum of Java 8 at runtime + <a name="1.10.8 release - requires minimum of Java 8 at runtime"></a> + 1.10.8 release - requires minimum of Java 8 at runtime </h3> <ul> - <li>1.10.7 <code>.zip</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.zip">apache-ant-1.10.7-src.zip</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.zip.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.tar.gz">apache-ant-1.10.7-src.tar.gz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.tar.bz2">apache-ant-1.10.7-src.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.tar.xz">apache-ant-1.10.7-src.tar.xz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.xz.sha512">SHA512</a>] + <li>1.10.8 <code>.zip</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.zip">apache-ant-1.10.8-src.zip</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.gz">apache-ant-1.10.8-src.tar.gz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.bz2">apache-ant-1.10.8-src.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.xz">apache-ant-1.10.8-src.tar.xz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.sha512">SHA512</a>] </li> </ul> <h3 class="section"> @@ -356,17 +356,17 @@ directory</a>, rather than from a mirror using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.7-src.tar.gz.asc<br /> +% pgpv apache-ant-1.10.8-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.7-src.tar.gz.asc<br /> +% pgp apache-ant-1.10.8-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.7-src.tar.gz.asc +% gpg --verify apache-ant-1.10.8-src.tar.gz.asc </code></p> <p>Alternatively, you can verify the checksums on the files. Unix programs called <code>sha1</code>/<code>sha512</code> or Modified: ant/site/ant/sources/antnews.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/antnews.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/antnews.xml (original) +++ ant/site/ant/sources/antnews.xml Wed May 13 16:26:21 2020 @@ -28,6 +28,30 @@ </properties> <body> + <section name="Apache Ant 1.9.15 and 1.10.8"> + <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> + <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or + binary from + <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> + + <p>The Apache Ant team currently maintains two lines of + development. The 1.9.x releases require Java5 at runtime and 1.10.x + requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and + the 1.9.x releases are mostly bug fix releases while additional new + features are developed for 1.10.x. We recommend using 1.10.x unless + you are required to use versions of Java prior to Java8 during the + build process.</p> + + <p>Ant 1.10.8 contains a superset of 1.9.15 - with the exception of + a few tasks and features that no longer work with Java8 anyway + (like the <code>apt</code> task).</p> + + <p>Both releases address a insecure temporary file vulnerability + vulnerability, see the <a href="./security.html">security + report</a> for details.</p> + + </section> + <section name="Apache Ant 1.10.7"> <h3>Sep 5, 2019 - Apache Ant 1.10.7 Released</h3> <p>Apache Ant 1.10.7 is now available for download as source or Modified: ant/site/ant/sources/bindownload.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/bindownload.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/bindownload.xml (original) +++ ant/site/ant/sources/bindownload.xml Wed May 13 16:26:21 2020 @@ -88,14 +88,14 @@ Other mirrors: <select name="Preferred"> you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.14 and 1.10.7 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.7 has been released on -5-Sep-2019 and may not be available on all mirrors for a few +<div class="content">Ant 1.10.8 and 1.9.15 have been released on +13-May-2020 and may not be available on all mirrors for a few days.</div> </div> <br></br> @@ -106,47 +106,47 @@ days.</div> </div> </section> -<section name="1.9.14 release - requires minimum of Java 5 at runtime"> +<section name="1.9.15 release - requires minimum of Java 5 at runtime"> <ul> - <li>1.9.14 <code>.zip</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.9.14-bin.zip">apache-ant-1.9.14-bin.zip</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.zip.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.9.14-bin.tar.gz">apache-ant-1.9.14-bin.tar.gz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.gz.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.9.14-bin.tar.bz2">apache-ant-1.9.14-bin.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.14-bin.tar.bz2.sha512">SHA512</a>] + <li>1.9.15 <code>.zip</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.9.15-bin.zip">apache-ant-1.9.15-bin.zip</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.zip.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.9.15-bin.tar.gz">apache-ant-1.9.15-bin.tar.gz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.gz.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.9.15-bin.tar.bz2">apache-ant-1.9.15-bin.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.9.15-bin.tar.bz2.sha512">SHA512</a>] </li> </ul> </section> -<section name="1.10.7 release - requires minimum of Java 8 at runtime"> +<section name="1.10.8 release - requires minimum of Java 8 at runtime"> <ul> - <li>1.10.7 <code>.zip</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.zip">apache-ant-1.10.7-bin.zip</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.zip.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.tar.gz">apache-ant-1.10.7-bin.tar.gz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.tar.bz2">apache-ant-1.10.7-bin.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.7-bin.tar.xz">apache-ant-1.10.7-bin.tar.xz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.7-bin.tar.xz.sha512">SHA512</a>] + <li>1.10.8 <code>.zip</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.zip">apache-ant-1.10.8-bin.zip</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.gz">apache-ant-1.10.8-bin.tar.gz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.bz2">apache-ant-1.10.8-bin.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.xz">apache-ant-1.10.8-bin.tar.xz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.sha512">SHA512</a>] </li> </ul> </section> @@ -176,17 +176,17 @@ using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.7-bin.tar.gz.asc<br /> +% pgpv apache-ant-1.10.8-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.7-bin.tar.gz.asc<br /> +% pgp apache-ant-1.10.8-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.7-bin.tar.gz.asc +% gpg --verify apache-ant-1.10.8-bin.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> Modified: ant/site/ant/sources/faq.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/faq.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/faq.xml (original) +++ ant/site/ant/sources/faq.xml Wed May 13 16:26:21 2020 @@ -288,6 +288,10 @@ <td>17 Mar 2019</td> </tr> <tr> + <td>1.9.15</td> + <td>13 May 2020</td> + </tr> + <tr> <td>1.10.0</td> <td>31 Dec 2016</td> </tr> @@ -315,6 +319,10 @@ <td>1.10.7</td> <td>5 Sep 2019</td> </tr> + <tr> + <td>1.10.8</td> + <td>13 May 2020</td> + </tr> </table> </answer> </faq> Modified: ant/site/ant/sources/index.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/index.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/index.xml (original) +++ ant/site/ant/sources/index.xml Wed May 13 16:26:21 2020 @@ -56,9 +56,9 @@ the <a href="https://www.apache.org/">Apache Software Foundation</a>.</p> </section> - <section name="Apache Ant 1.10.7"> - <h3>Sep 5, 2019 - Apache Ant 1.10.7 Released</h3> - <p>Apache Ant 1.10.7 is now available for download as source or + <section name="Apache Ant 1.9.15 and 1.10.8"> + <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> + <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or binary from <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> @@ -70,85 +70,14 @@ you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Ant 1.10.7 is mainly a bug fix release with few minor enhancements. - This release includes a major regression fix, which prevented the - previous 1.10.6 release to be unusable on Java 8 runtimes. - Among the enhancements, the junitlauncher task now allows including - or excluding JUnit 5 "tags" during test execution. - </p> - </section> - <section name="Apache Ant 1.10.6"> - <h3>May 8, 2019 - Apache Ant 1.10.6 Released</h3> - <p>Apache Ant 1.10.6 is now available for download as source or - binary from - <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> - - <p>The Apache Ant team currently maintains two lines of - development. The 1.9.x releases require Java5 at runtime and 1.10.x - requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and - the 1.9.x releases are mostly bug fix releases while additional new - features are developed for 1.10.x. We recommend using 1.10.x unless - you are required to use versions of Java prior to Java8 during the - build process.</p> - - <p>Ant 1.10.6 consists several bug fixes as well as enhancements, - including, but not limited to: - <ul> - <li> - <code>junitlauncher</code> task now supports <code>fork</code> - mode, to launch the tests in a forked JVM. - </li> - <li> - New tasks <code>jmod</code> and <code>link</code> have been - introduced to support <code>jmod</code> and <code>jlink</code> - tools of JDK 9+. - </li> - </ul> - </p> - </section> - <section name="Apache Ant 1.9.14"> - <h3>March 17, 2019 - Apache Ant 1.9.14 Released</h3> - <p>Apache Ant 1.9.14 is now available for download as source or - binary from - <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> - - <p>The Apache Ant team currently maintains two lines of - development. The 1.9.x releases require Java5 at runtime and 1.10.x - requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and - the 1.9.x releases are mostly bug fix releases while additional new - features are developed for 1.10.x. We recommend using 1.10.x unless - you are required to use versions of Java prior to Java8 during the - build process.</p> - - <p>Ant 1.9.14 mainly consists of bug fixes and some enhancements in - the <code>signjar</code> and <code>verifyjar</code> tasks</p> - - </section> - <section name="Apache Ant 1.9.13 and 1.10.5"> - <h3>Jul 13, 2018 - Apache Ant 1.9.13 and 1.10.5 Released</h3> - <p>Apache Ant 1.9.13 and 1.10.5 are now available for download as source or - binary from - <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> - - <p>The Apache Ant team currently maintains two lines of - development. The 1.9.x releases require Java5 at runtime and 1.10.x - requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and - the 1.9.x releases are mostly bug fix releases while additional new - features are developed for 1.10.x. We recommend using 1.10.x unless - you are required to use versions of Java prior to Java8 during the - build process.</p> - - <p>Ant 1.10.5 contains a superset of 1.9.13 - with the exception of + <p>Ant 1.10.8 contains a superset of 1.9.15 - with the exception of a few tasks and features that no longer work with Java8 anyway (like the <code>apt</code> task).</p> - <p>Both releases fix a regression in the <code>get</code> task and - a bug inside the path traversal protection of the unarchiving - tasks that was introduced with 1.9.12 and 1.10.4 - respectively.</p> + <p>Both releases address a insecure temporary file vulnerability + vulnerability, see the <a href="./security.html">security + report</a> for details.</p> - <p>Ant 1.10.5's <code>java</code> task adds support for the single - file source execution feature introduced with Java 11.</p> </section> <section name="Apache AntUnit 1.4"> @@ -244,7 +173,7 @@ <section name="Documentation"> <p> -You can view the documentation for the current release (Apache Ant 1.10.5) +You can view the documentation for the current release (Apache Ant 1.10.8) <a href="manual/index.html">online</a> </p> Modified: ant/site/ant/sources/manualdownload.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/manualdownload.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/manualdownload.xml (original) +++ ant/site/ant/sources/manualdownload.xml Wed May 13 16:26:21 2020 @@ -83,14 +83,14 @@ Other mirrors: <select name="Preferred"> you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.14 and 1.10.7 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.7 has been released on -5-Sep-2019 and may not be available on all mirrors for a few +<div class="content">Ant 1.10.8 and 1.9.15 have been released on +13-May-2020 and may not be available on all mirrors for a few days.</div> </div> <br></br> @@ -101,47 +101,47 @@ days.</div> </div> </section> -<section name="1.9.14 release - requires minimum of Java 5 at runtime"> +<section name="1.9.15 release - requires minimum of Java 5 at runtime"> <ul> - <li>1.9.14 <code>.zip</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.9.14-manual.zip">apache-ant-1.9.14-manual.zip</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.zip.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.9.14-manual.tar.gz">apache-ant-1.9.14-manual.tar.gz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.gz.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.9.14-manual.tar.bz2">apache-ant-1.9.14-manual.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.14-manual.tar.bz2.sha512">SHA512</a>] + <li>1.9.15 <code>.zip</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.9.15-manual.zip">apache-ant-1.9.15-manual.zip</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.zip.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.9.15-manual.tar.gz">apache-ant-1.9.15-manual.tar.gz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.gz.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.9.15-manual.tar.bz2">apache-ant-1.9.15-manual.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.9.15-manual.tar.bz2.sha512">SHA512</a>] </li> </ul> </section> -<section name="1.10.7 release - requires minimum of Java 8 at runtime"> +<section name="1.10.8 release - requires minimum of Java 8 at runtime"> <ul> - <li>1.10.7 <code>.zip</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.zip">apache-ant-1.10.7-manual.zip</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.zip.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.tar.gz">apache-ant-1.10.7-manual.tar.gz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.tar.bz2">apache-ant-1.10.7-manual.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.7-manual.tar.xz">apache-ant-1.10.7-manual.tar.xz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.7-manual.tar.xz.sha512">SHA512</a>] + <li>1.10.8 <code>.zip</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.zip">apache-ant-1.10.8-manual.zip</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.gz">apache-ant-1.10.8-manual.tar.gz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.bz2">apache-ant-1.10.8-manual.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.xz">apache-ant-1.10.8-manual.tar.xz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.sha512">SHA512</a>] </li> </ul> </section> @@ -169,17 +169,17 @@ using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.7-manual.tar.gz.asc<br /> +% pgpv apache-ant-1.10.8-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.7-manual.tar.gz.asc<br /> +% pgp apache-ant-1.10.8-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.7-manual.tar.gz.asc +% gpg --verify apache-ant-1.10.8-manual.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> Modified: ant/site/ant/sources/security.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/security.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/security.xml (original) +++ ant/site/ant/sources/security.xml Wed May 13 16:26:21 2020 @@ -82,6 +82,40 @@ the descriptions here are incomplete, please report them privately to the Apache Security Team. Thank you.</p> + <subsection name="Fixed in Apache Ant 1.10.8"> + <p><b>Medium: insecure temporary file vulnerability</b> <a + href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945">CVE-2020-1945</a></p> + + <p>Apache Ant uses the default temporary directory + identified by the Java system property + <code>java.io.tmpdir</code> for several tasks and may thus + leak sensitive information. The fixcrlf and replaceregexp + tasks also copy files from the temporary directory back into + the build tree allowing an attacker to inject modified + source files into the build process.</p> + + <p><b>Mitigation:</b> Ant users of versions 1.1 to 1.9.14 + and 1.10.0 to 1.10.7 should set the java.io.tmpdir system + property to point to a directory only readable and writable + by the current user prior to running Ant.</p> + + <p>Users of versions 1.9.15 and 1.10.8 can use the Ant + property <code>ant.tmpfile</code> instead. Users of Ant + 1.10.8 can rely on Ant protecting the temporary files if the + underlying filesystem allows it, but we still recommend + using a private temporary directory instead.</p> + + <p>This was fixed in revisions + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=9c1f4d905da59bf446570ac28df5b68a37281f35">9c1f4d905da59bf446570ac28df5b68a37281f35</a>, + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=041b058c7bf10a94d56db3ca9dba38cf90ab9943">041b058c7bf10a94d56db3ca9dba38cf90ab9943</a> and + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=a8645a151bc706259fb1789ef587d05482d98612">a8645a151bc706259fb1789ef587d05482d98612</a>.</p> + + <p>This was first reported to the Security Team on 29 + January 2020 and made public on 13 May 2020</p> + + <p>Affects: until 1.10.7</p> + </subsection> + <subsection name="Fixed in Apache Ant 1.9.10 / Ant 1.10.2"> <p><b>Low: Denial of Service</b> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645">CVE-2017-5645</a></p> Modified: ant/site/ant/sources/srcdownload.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/srcdownload.xml?rev=1877701&r1=1877700&r2=1877701&view=diff ============================================================================== --- ant/site/ant/sources/srcdownload.xml (original) +++ ant/site/ant/sources/srcdownload.xml Wed May 13 16:26:21 2020 @@ -85,14 +85,14 @@ Other mirrors: <select name="Preferred"> you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.14 and 1.10.7 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.7 has been released on -5-Sep-2019 and may not be available on all mirrors for a few +<div class="content">Ant 1.10.8 and 1.9.15 have been released on +13-May-2020 and may not be available on all mirrors for a few days.</div> </div> <br></br> @@ -103,47 +103,47 @@ days.</div> </div> </section> -<section name="1.9.14 release - requires minimum of Java 5 at runtime"> +<section name="1.9.15 release - requires minimum of Java 5 at runtime"> <ul> - <li>1.9.14 <code>.zip</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.9.14-src.zip">apache-ant-1.9.14-src.zip</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.zip.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.9.14-src.tar.gz">apache-ant-1.9.14-src.tar.gz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.gz.sha512">SHA512</a>] - </li> - <li>1.9.14 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.9.14-src.tar.bz2">apache-ant-1.9.14-src.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.14-src.tar.bz2.sha512">SHA512</a>] + <li>1.9.15 <code>.zip</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.9.15-src.zip">apache-ant-1.9.15-src.zip</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.zip.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.9.15-src.tar.gz">apache-ant-1.9.15-src.tar.gz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.gz.sha512">SHA512</a>] + </li> + <li>1.9.15 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.9.15-src.tar.bz2">apache-ant-1.9.15-src.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.9.15-src.tar.bz2.sha512">SHA512</a>] </li> </ul> </section> -<section name="1.10.7 release - requires minimum of Java 8 at runtime"> +<section name="1.10.8 release - requires minimum of Java 8 at runtime"> <ul> - <li>1.10.7 <code>.zip</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.zip">apache-ant-1.10.7-src.zip</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.zip.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.tar.gz">apache-ant-1.10.7-src.tar.gz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.tar.bz2">apache-ant-1.10.7-src.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.7 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.7-src.tar.xz">apache-ant-1.10.7-src.tar.xz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.7-src.tar.xz.sha512">SHA512</a>] + <li>1.10.8 <code>.zip</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.zip">apache-ant-1.10.8-src.zip</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.gz">apache-ant-1.10.8-src.tar.gz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.bz2">apache-ant-1.10.8-src.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.8 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.xz">apache-ant-1.10.8-src.tar.xz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.sha512">SHA512</a>] </li> </ul> </section> @@ -173,17 +173,17 @@ using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.7-src.tar.gz.asc<br /> +% pgpv apache-ant-1.10.8-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.7-src.tar.gz.asc<br /> +% pgp apache-ant-1.10.8-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.7-src.tar.gz.asc +% gpg --verify apache-ant-1.10.8-src.tar.gz.asc </code></p> <p>Alternatively, you can verify the checksums on the files. Unix