This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ant-ivy.git
commit 6c0560f93ca421bc5ce210010b3c5f0bff01f2d9 Author: Stefan Bodewig <bode...@apache.org> AuthorDate: Sun Aug 20 11:59:44 2023 +0200 update release notes with CVE-2022-46751 --- asciidoc/release-notes.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/asciidoc/release-notes.adoc b/asciidoc/release-notes.adoc index 9f34ae99..653fa9ae 100644 --- a/asciidoc/release-notes.adoc +++ b/asciidoc/release-notes.adoc @@ -19,7 +19,7 @@ = Ivy Release Announcement -XXXX Date XXXX - The Apache Ivy project is pleased to announce its 2.5.2 release. +August 20 2023 - The Apache Ivy project is pleased to announce its 2.5.2 release. == What is Ivy? Apache Ivy is a tool for managing (recording, tracking, resolving and reporting) project dependencies, characterized by flexibility, @@ -38,6 +38,7 @@ Key features of this 2.5.2 release are: - FIX: reading POMs may loose dependencies when multiple Maven dependencies only differ in `classifier` (jira:IVY-1642[]) +- Fixes a Security Vulnerability, see link:https://ant.apache.org/ivy/security.html[the scurity page] for details. == List of Changes in this Release @@ -57,6 +58,7 @@ For details about the following changes, check our JIRA install at link:https:// - FIX: reading POMs may loose dependencies when multiple Maven dependencies only differ in `classifier` (jira:IVY-1642[]) - IMPROVEMENT: Upgrade Apache HttpClient to 4.5.13 (jira:IVY-1644[]) +- FIX: CVE-2022-46751: Apache Ivy Is Vulnerable to XML External Entity Injections == Committers and Contributors
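Review bot: in the hunk at @@ -38,6 +38,7 @@, the link text on the added line reads "the scurity page"; it should be "the security page". The same line says only "a Security Vulnerability", while the changelog entry added in the last hunk names CVE-2022-46751. Naming the CVE in the key-features list as well would let readers match the release against their advisories without following the link.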
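Review bot: in the hunk at @@ -57,6 +58,7 @@, the added CVE-2022-46751 entry carries no reference, whereas the neighbouring entries each point at their issue (jira:IVY-1642[], jira:IVY-1644[]). Suggest adding the link:https://ant.apache.org/ivy/security.html[] target already used in the key-features hunk, so the changelog line leads to the details. The entry is also worded as the vulnerability title ("Apache Ivy Is Vulnerable to XML External Entity Injections") under a FIX: prefix; a short statement of what was fixed would read more consistently with the other FIX: lines.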