This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ant-ivy.git

commit 6c0560f93ca421bc5ce210010b3c5f0bff01f2d9
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sun Aug 20 11:59:44 2023 +0200

    update release notes with CVE-2022-46751
---
 asciidoc/release-notes.adoc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/asciidoc/release-notes.adoc b/asciidoc/release-notes.adoc
index 9f34ae99..653fa9ae 100644
--- a/asciidoc/release-notes.adoc
+++ b/asciidoc/release-notes.adoc
@@ -19,7 +19,7 @@
 
 = Ivy Release Announcement
 
-XXXX Date XXXX - The Apache Ivy project is pleased to announce its 2.5.2 
release.
+August 20 2023 - The Apache Ivy project is pleased to announce its 2.5.2 
release.
 
 == What is Ivy?
 Apache Ivy is a tool for managing (recording, tracking, resolving and 
reporting) project dependencies, characterized by flexibility,
@@ -38,6 +38,7 @@ Key features of this 2.5.2 release are:
 
 - FIX: reading POMs may loose dependencies when multiple Maven
   dependencies only differ in `classifier` (jira:IVY-1642[])
+- Fixes a Security Vulnerability, see 
link:https://ant.apache.org/ivy/security.html[the scurity page] for details.
 
 == List of Changes in this Release
 
@@ -57,6 +58,7 @@ For details about the following changes, check our JIRA 
install at link:https://
 - FIX: reading POMs may loose dependencies when multiple Maven
   dependencies only differ in `classifier` (jira:IVY-1642[])
 - IMPROVEMENT: Upgrade Apache HttpClient to 4.5.13 (jira:IVY-1644[])
+- FIX: CVE-2022-46751: Apache Ivy Is Vulnerable to XML External Entity 
Injections
 
 == Committers and Contributors
 

Reply via email to