This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git


The following commit(s) were added to refs/heads/master by this push:
     new 5d025cd6 Update old release notes for CVE-2022-42920
5d025cd6 is described below

commit 5d025cd60a3f1c0c4dcc26ddac9e3c703650ab49
Author: Gary Gregory <[email protected]>
AuthorDate: Mon Jan 12 16:13:27 2026 -0500

    Update old release notes for CVE-2022-42920
    
    CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing 
arbitrary bytecode via out-of-bounds writing
---
 RELEASE-NOTES.txt       | 1 +
 src/changes/changes.xml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index df4cfda6..10b84d32 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -613,6 +613,7 @@ Apache Commons BCEL 6.6.0!
 The Byte Code Engineering Library (BCEL) is designed to provide users with a 
convenient way to analyze, create, and manipulate compiled .class files. 
 Classes are represented by objects containing all the symbolic information of 
the given class: methods, fields, and bytecode instructions.
 
+Fixes CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing 
arbitrary bytecode via out-of-bounds writing.
 
 New Features
 -------------
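Review bot: The added CVE-2022-42920 line in the 6.6.0 section sits directly after the generic library description with no heading of its own, so it reads as part of that boilerplate paragraph rather than as a security notice. Consider giving it a short heading, as "New Features" has, so readers scanning old release notes for security fixes find it. The sentence also names only the affected range ("prior to 6.6.0"); stating the action, upgrade to 6.6.0 or later, would make it usable on its own.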
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 0c274c36..38f549f3 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -315,7 +315,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action                  type="update" dev="ggregory" due-to="Gary 
Gregory">Bump spotbugs-maven-plugub from 4.7.2.1 to 4.7.2.2.</action>
       <action                  type="update" dev="ggregory" due-to="Gary 
Gregory">Bump pmd from 6.50.0 to 6.51.0.</action>
     </release>
-    <release version="6.6.0" date="2022-10-08" description="Minor feature and 
bug fix release.">
+    <release version="6.6.0" date="2022-10-08" description="Minor feature and 
bug fix release. Fixes CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 
allows producing arbitrary bytecode via out-of-bounds writing">
       <!-- FIX -->
       <action                  type="fix" dev="ggregory" due-to="Mark Roberts, 
Gary Gregory">Improve test case coverage; fix Utility.encode bug #46.</action>
       <action issue="BCEL-342" type="fix" dev="ggregory" due-to="Allon 
Murienik, Gary Gregory">Migrate test suite to JUnit Jupiter #68.</action>
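Review bot: In the new description attribute of the 6.6.0 release element, the CVE is recorded only as free text, and no action entry is added under the FIX comment, so anything that reads the list of actions will not show the security fix. Consider adding an action of type "fix" that names CVE-2022-42920 alongside the description change. The new attribute value also ends without a period ("out-of-bounds writing"), unlike the sentence before it and the matching line added to RELEASE-NOTES.txt.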
