This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new dde16a1  [Security fix] Upgrade org.apache.ant:ant from 1.10.6 to 1.10.8
dde16a1 is described below

commit dde16a135c5679c1e69be739e96f4771b4198400
Author: Rene Cordier <[email protected]>
AuthorDate: Tue Sep 15 11:13:36 2020 +0700

    [Security fix] Upgrade org.apache.ant:ant from 1.10.6 to 1.10.8
    
    CVE-2020-1945
    moderate severity
    Vulnerable versions: >= 1.10.0, < 1.10.8
    Patched version: 1.10.8
    
    Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d237cd3..ecbad38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2281,7 +2281,7 @@
             <dependency>
                 <groupId>org.apache.ant</groupId>
                 <artifactId>ant</artifactId>
-                <version>1.10.6</version>
+                <version>1.10.8</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.ant</groupId>
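Review bot: the dependency entry that starts in the trailing context is also groupId org.apache.ant, and because the diffstat reports a single changed line, whatever version that entry declares was not touched by this commit. Please confirm that it, and any other org.apache.ant artifact managed in this pom.xml, is not still pinned to a release in the vulnerable range given in the commit message (>= 1.10.0, < 1.10.8). Replacing the literal <version>1.10.8</version> with a shared property (for example a hypothetical ${ant.version}) would keep all Ant artifacts on the same patched release in future upgrades. It is also worth checking the resolved dependency tree after the bump to make sure no module still resolves an older Ant through an explicit version of its own.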

