[jira] [Commented] (GROOVY-10814) Bump ivy to 2.5.1

Paul King (Jira) Tue, 03 Jan 2023 03:37:05 -0800


    [ 
https://issues.apache.org/jira/browse/GROOVY-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17653948#comment-17653948
 ]


Paul King commented on GROOVY-10814:
------------------------------------

I will back that change out. It wasn't intended to break the Java 7 build for 
that Groovy version.

> Bump ivy to 2.5.1
> -----------------
>
>                 Key: GROOVY-10814
>                 URL: https://issues.apache.org/jira/browse/GROOVY-10814
>             Project: Groovy
>          Issue Type: Dependency upgrade
>            Reporter: Daniel Sun
>            Assignee: Daniel Sun
>            Priority: Major
>             Fix For: 3.0.14, 2.5.20, 4.0.7
>
>
> This includes some security fixes from Ivy CVE-2022-37865 and CVE-2022-37866 
> as per:
> [https://ant.apache.org/ivy/security.html]
> Groovy uses Ivy in its Grape/Grab component. While that functionality isn't 
> impacted by those security issues, any users who might be using the Ivy jar 
> directly should update to Ivy 2.5.1 if they haven't done so already.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (GROOVY-10814) Bump ivy to 2.5.1

Reply via email to