Details
-
Dependency upgrade
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Key features of this 2.5.1 release are:
- Ivy now requires a minimum of Java 8 runtime.
- Fixes two Security Vulnerabilities, see the scurity page for details.
For details about the following changes, check our JIRA install at https://issues.apache.org/jira/browse/IVY
List of changes since Ivy 2.5.0:
- BREAKING: Removed old fr\jayasoft\ivy\ant\antlib.xml AntLib definition file (
IVY-1612)
- FIX: ResolveEngine resets dictator resolver to null in the global configuration (
IVY-1618)
- FIX: ConcurrentModificationException in MessageLoggerHelper.sumupProblems (
IVY-1628)
- FIX: useOrigin="true" fails with file-based ibiblio (
IVY-1616)
- FIX: ivy:retrieve Ant task didn’t create an empty fileset when no files were retrieved to a non-empty directory (
IVY-1631)
- FIX: ivy:retrieve Ant task relied on the default HTTP header "Accept" which caused problems with servers that interpret it strictly (e.g. AWS CodeArtifact) (
IVY-1632)
- IMPROVEMENT: Ivy command now accepts a URL for the -settings option (
IVY-1615)
- FIX: CVE-2022-37865 allow create/overwrite any file on the system (see https://ant.apache.org/ivy/security.html)
- FIX: CVE-2022-37866 Path traversal in patterns (see https://ant.apache.org/ivy/security.html)
https://ant.apache.org/ivy/history/2.5.1/release-notes.html
Attachments
Issue Links
- requires
-
ARCHETYPE-643 Update minimum Java version to 8
- Closed
- links to