https://bz.apache.org/bugzilla/show_bug.cgi?id=66144
--- Comment #4 from Peter De Maeyer <peter.de.mae...@gmail.com> --- I glanced at the pre-release ZIP and I can confirm that the vulnerable jquery-3.3.1 has been updated to a non-vulnerable jquery-3.5.1. I noticed that 3.5.1 is not the latest though, the latest is 3.6.2, or even 4.0.0 even if you're willing to accept a major version bump, but 3.5.1 is certainly good enough for now. In order to really confirm that our build passes Nexus IQ I'll need an official build downloadable from Maven Central, but I'm confident that it will be fixed in apache-ant-1.10.13. -- You are receiving this mail because: You are the assignee for the bug.
