[GROOVY-10814] Bump ivy to 2.5.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.14, 4.0.7
Component/s: None
Labels:
None

Description

This includes some security fixes from Ivy CVE-2022-37865 and CVE-2022-37866 as per:
https://ant.apache.org/ivy/security.html

Groovy uses Ivy in its Grape/Grab component. While that functionality isn't impacted by those security issues, any users who might be using the Ivy jar directly should update to Ivy 2.5.1 if they haven't done so already.

Attachments

Activity

People

Assignee:: Daniel Sun

Reporter:: Daniel Sun

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Nov/22 12:32

Updated:: 05/Jan/23 02:33

Resolved:: 05/Nov/22 12:59