Overview
Request 1034052 accepted
- Upgrade to version 2.5.1
* Breaking:
+ Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition
file.
* Fixes:
+ CVE-2022-37865 allow create/overwrite any file on the system.
(see https://ant.apache.org/ivy/security.html)
+ CVE-2022-37866 Path traversal in patterns.
(see https://ant.apache.org/ivy/security.html)
+ ResolveEngine resets dictator resolver to null in the global
configuration.
+ ConcurrentModificationException in
MessageLoggerHelper.sumupProblems.
+ useOrigin="true" fails with file-based ibiblio.
+ ivy:retrieve Ant task didn’t create an empty fileset when no
files were retrieved to a non-empty directory.
+ ivy:retrieve Ant task relied on the default HTTP header
"Accept" which caused problems with servers that interpret it
strictly (e.g. AWS CodeArtifact).
* Improvements:
+ Ivy command now accepts a URL for the -settings option.
- Created by david.anes
- In state accepted
-
Package maintainers:
david.anes,
gkenion, and
lkundrak
Request History
david.anes created request
- Upgrade to version 2.5.1
* Breaking:
+ Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition
file.
* Fixes:
+ CVE-2022-37865 allow create/overwrite any file on the system.
(see https://ant.apache.org/ivy/security.html)
+ CVE-2022-37866 Path traversal in patterns.
(see https://ant.apache.org/ivy/security.html)
+ ResolveEngine resets dictator resolver to null in the global
configuration.
+ ConcurrentModificationException in
MessageLoggerHelper.sumupProblems.
+ useOrigin="true" fails with file-based ibiblio.
+ ivy:retrieve Ant task didn’t create an empty fileset when no
files were retrieved to a non-empty directory.
+ ivy:retrieve Ant task relied on the default HTTP header
"Accept" which caused problems with servers that interpret it
strictly (e.g. AWS CodeArtifact).
* Improvements:
+ Ivy command now accepts a URL for the -settings option.
david.anes accepted request
