-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Severity: moderate
Affected versions:
- - Apache Ivy 1.0.0 through 2.5.1
Description:
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind
XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This
The Apache Ant Team is pleased to announce the release of Apache Ivy
2.5.2.
Apache Ivy is a dependency manager focusing on flexibility and
simplicity with strong integration into the Apache Ant build tool.
Ivy 2.5.2 is bugfix release and addresses an XML external entity
injection vulnerability,
Hi
with three binding +1s by Maarten, Jaikiran and myself, the vote has
passed. I'll proceed with publishing the release artifacts and will
announce the release after the mirros had time to catch up.
Thanks to all who took a look at the release candidate
Stefan
With (binding) +1s for Stefan, Maarten, me and Paul (non-binding), this
vote has now passed. I'll now go ahead with the rest of the release process.
Thank you all for the help in moving this release forward.
-Jaikiran
On 16/08/23 6:05 pm, Jaikiran Pai wrote:
Hello everyone,
I've created RC1
Thanks Jaikiran!
Here is my vote: +1
Maarten
Op woensdag 16 augustus 2023 om 14:35:43 CEST schreef Jaikiran Pai
:
Hello everyone,
I've created RC1 release candidate for Ant 1.10.14 release:
git tag: ANT_1.10.14_RC1
on commit: 53f19eccf49acf526415997046dca5a5135b0e8f
tarballs:
Thanks Stefan!
Here is my vote: +1
Maarten
Op donderdag 17 augustus 2023 om 18:54:01 CEST schreef Stefan Bodewig
:
Hi all
I've cancelled the previous vote as the NOTICE file didn't contain
2023. sorry about this. Now I've built a new release candidate for Ivy
2.5.2
Changelog:
- FIX:
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned