mrsbad.blogg.se - Apache ant 1.8

MLIST: 20200703 (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT.MLIST: 20200518 (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT.

MLIST: 20200518 branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945.

MLIST: 20201205 CVE-2020-17521: Apache Groovy Information Disclosure.

MLIST: 20200930 Apache Ant insecure temporary file vulnerability.

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities.

The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.