This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ant-ivy.git
commit 6c0560f93ca421bc5ce210010b3c5f0bff01f2d9
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sun Aug 20 11:59:44 2023 +0200
update release notes with CVE-2022-46751
---
asciidoc/release-notes.adoc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/asciidoc/release-notes.adoc b/asciidoc/release-notes.adoc
index 9f34ae99..653fa9ae 100644
--- a/asciidoc/release-notes.adoc
+++ b/asciidoc/release-notes.adoc
@@ -19,7 +19,7 @@
= Ivy Release Announcement
-XXXX Date XXXX - The Apache Ivy project is pleased to announce its 2.5.2
release.
+August 20 2023 - The Apache Ivy project is pleased to announce its 2.5.2
release.
== What is Ivy?
Apache Ivy is a tool for managing (recording, tracking, resolving and
reporting) project dependencies, characterized by flexibility,
@@ -38,6 +38,7 @@ Key features of this 2.5.2 release are:
- FIX: reading POMs may loose dependencies when multiple Maven
dependencies only differ in `classifier` (jira:IVY-1642[])
+- Fixes a Security Vulnerability, see
link:https://ant.apache.org/ivy/security.html[the scurity page] for details.
== List of Changes in this Release
@@ -57,6 +58,7 @@ For details about the following changes, check our JIRA
install at link:https://
- FIX: reading POMs may loose dependencies when multiple Maven
dependencies only differ in `classifier` (jira:IVY-1642[])
- IMPROVEMENT: Upgrade Apache HttpClient to 4.5.13 (jira:IVY-1644[])
+- FIX: CVE-2022-46751: Apache Ivy Is Vulnerable to XML External Entity
Injections
== Committers and Contributors
