Author: bodewig Date: Wed Sep 30 16:56:57 2020 New Revision: 1882160 URL: http://svn.apache.org/viewvc?rev=1882160&view=rev Log: announce Ant 1.10.9
Modified: ant/site/ant/production/antnews.html ant/site/ant/production/bindownload.html ant/site/ant/production/faq.html ant/site/ant/production/index.html ant/site/ant/production/manualdownload.html ant/site/ant/production/security.html ant/site/ant/production/srcdownload.html ant/site/ant/sources/antnews.xml ant/site/ant/sources/bindownload.xml ant/site/ant/sources/faq.xml ant/site/ant/sources/index.xml ant/site/ant/sources/manualdownload.xml ant/site/ant/sources/security.xml ant/site/ant/sources/srcdownload.xml Modified: ant/site/ant/production/antnews.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/antnews.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/antnews.html (original) +++ ant/site/ant/production/antnews.html Wed Sep 30 16:56:57 2020 @@ -227,6 +227,26 @@ <div class="content"> <h1 class="title">Apache Ant™ Project News</h1> <h3 class="section"> + <a name="Apache Ant 1.10.9"></a> + Apache Ant 1.10.9 + </h3> + <h3>Sep 30, 2020 - Apache Ant 1.10.9 Released</h3> + <p>Apache Ant 1.10.9 are now available for download as source or + binary from + <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> + <p>The Apache Ant team currently maintains two lines of + development. The 1.9.x releases require Java5 at runtime and 1.10.x + requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and + the 1.9.x releases are mostly bug fix releases while additional new + features are developed for 1.10.x. We recommend using 1.10.x unless + you are required to use versions of Java prior to Java8 during the + build process.</p> + <p>Ant 1.10.9 contains a bugfixes and support for using GraalVM + JavaScript inside the script family of tasks and types..</p> + <p>It also addresses an insecure temporary file vulnerability + vulnerability, see the <a href="./security.html">security + report</a> for details.</p> + <h3 class="section"> <a name="Apache Ant 1.9.15 and 1.10.8"></a> Apache Ant 1.9.15 and 1.10.8 </h3> Modified: ant/site/ant/production/bindownload.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/bindownload.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/bindownload.html (original) +++ ant/site/ant/production/bindownload.html Wed Sep 30 16:56:57 2020 @@ -275,14 +275,13 @@ Other mirrors: <select name="Preferred"> features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.9 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.8 and 1.9.15 have been released on -13-May-2020 and may not be available on all mirrors for a few -days.</div> +<div class="content">Ant 1.10.9 has been released on 30-Sep-2020 and +may not be available on all mirrors for a few days.</div> </div> <br /> <div class="warning"> @@ -312,29 +311,29 @@ days.</div> </li> </ul> <h3 class="section"> - <a name="1.10.8 release - requires minimum of Java 8 at runtime"></a> - 1.10.8 release - requires minimum of Java 8 at runtime + <a name="1.10.9 release - requires minimum of Java 8 at runtime"></a> + 1.10.9 release - requires minimum of Java 8 at runtime </h3> <ul> - <li>1.10.8 <code>.zip</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.zip">apache-ant-1.10.8-bin.zip</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.gz">apache-ant-1.10.8-bin.tar.gz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.bz2">apache-ant-1.10.8-bin.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.xz">apache-ant-1.10.8-bin.tar.xz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.sha512">SHA512</a>] + <li>1.10.9 <code>.zip</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.zip">apache-ant-1.10.9-bin.zip</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.zip.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.tar.gz">apache-ant-1.10.9-bin.tar.gz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.tar.bz2">apache-ant-1.10.9-bin.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.tar.xz">apache-ant-1.10.9-bin.tar.xz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.xz.sha512">SHA512</a>] </li> </ul> <h3 class="section"> @@ -358,17 +357,17 @@ directory</a>, rather than from a mirror using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.8-bin.tar.gz.asc<br /> +% pgpv apache-ant-1.10.9-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.8-bin.tar.gz.asc<br /> +% pgp apache-ant-1.10.9-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.8-bin.tar.gz.asc +% gpg --verify apache-ant-1.10.9-bin.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> is also available for Windows users. Follow the Modified: ant/site/ant/production/faq.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/faq.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/faq.html (original) +++ ant/site/ant/production/faq.html Wed Sep 30 16:56:57 2020 @@ -1026,6 +1026,16 @@ 13 May 2020 </td> </tr> + <tr> + <td colspan="1" rowspan="1" + valign="top" align="left"> + 1.10.9 + </td> + <td colspan="1" rowspan="1" + valign="top" align="left"> + 30 September 2020 + </td> + </tr> </table> <p class="faq"> <a name="java-version"></a> Modified: ant/site/ant/production/index.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/index.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/index.html (original) +++ ant/site/ant/production/index.html Wed Sep 30 16:56:57 2020 @@ -250,11 +250,11 @@ the <a href="https://www.apache.org/">Apache Software Foundation</a>.</p> <h3 class="section"> - <a name="Apache Ant 1.9.15 and 1.10.8"></a> - Apache Ant 1.9.15 and 1.10.8 + <a name="Apache Ant 1.10.9"></a> + Apache Ant 1.10.9 </h3> - <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> - <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or + <h3>Sep 30, 2020 - Apache Ant 1.10.9 Released</h3> + <p>Apache Ant 1.10.9 are now available for download as source or binary from <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> <p>The Apache Ant team currently maintains two lines of @@ -264,10 +264,9 @@ features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Ant 1.10.8 contains a superset of 1.9.15 - with the exception of - a few tasks and features that no longer work with Java8 anyway - (like the <code>apt</code> task).</p> - <p>Both releases address a insecure temporary file vulnerability + <p>Ant 1.10.9 contains a bugfixes and support for using GraalVM + JavaScript inside the script family of tasks and types..</p> + <p>It also addresses an insecure temporary file vulnerability vulnerability, see the <a href="./security.html">security report</a> for details.</p> <h3 class="section"> Modified: ant/site/ant/production/manualdownload.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/manualdownload.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/manualdownload.html (original) +++ ant/site/ant/production/manualdownload.html Wed Sep 30 16:56:57 2020 @@ -269,14 +269,13 @@ Other mirrors: <select name="Preferred"> features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.9 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.8 and 1.9.15 have been released on -13-May-2020 and may not be available on all mirrors for a few -days.</div> +<div class="content">Ant 1.10.9 has been released on 30-Sep-2020 and +may not be available on all mirrors for a few days.</div> </div> <br /> <div class="warning"> @@ -306,29 +305,29 @@ days.</div> </li> </ul> <h3 class="section"> - <a name="1.10.8 release - requires minimum of Java 8 at runtime"></a> - 1.10.8 release - requires minimum of Java 8 at runtime + <a name="1.10.9 release - requires minimum of Java 8 at runtime"></a> + 1.10.9 release - requires minimum of Java 8 at runtime </h3> <ul> - <li>1.10.8 <code>.zip</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.zip">apache-ant-1.10.8-manual.zip</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.gz">apache-ant-1.10.8-manual.tar.gz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.bz2">apache-ant-1.10.8-manual.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.xz">apache-ant-1.10.8-manual.tar.xz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.sha512">SHA512</a>] + <li>1.10.9 <code>.zip</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.zip">apache-ant-1.10.9-manual.zip</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.zip.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.tar.gz">apache-ant-1.10.9-manual.tar.gz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.tar.bz2">apache-ant-1.10.9-manual.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.tar.xz">apache-ant-1.10.9-manual.tar.xz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.xz.sha512">SHA512</a>] </li> </ul> <h3 class="section"> @@ -352,17 +351,17 @@ directory</a>, rather than from a mirror using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.8-manual.tar.gz.asc<br /> +% pgpv apache-ant-1.10.9-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.8-manual.tar.gz.asc<br /> +% pgp apache-ant-1.10.9-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.8-manual.tar.gz.asc +% gpg --verify apache-ant-1.10.9-manual.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> is also available for Windows users. Follow the Modified: ant/site/ant/production/security.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/security.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/security.html (original) +++ ant/site/ant/production/security.html Wed Sep 30 16:56:57 2020 @@ -265,6 +265,41 @@ the descriptions here are incomplete, please report them privately to the Apache Security Team. Thank you.</p> <h4 class="subsection"> + <a name="Fixed in Apache Ant 1.10.9"></a> + Fixed in Apache Ant 1.10.9 + </h4> + <p><b>Medium: insecure temporary file vulnerability</b> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979">CVE-2020-11979</a></p> + <p>As mitigation for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945">CVE-2020-1945</a> + Apache Ant 1.10.8 changed the permissions of temporary files + it created so that only the current user was allowed to + access them. Unfortunately the fixcrlf task deleted the + temporary file and created a new one without said + protection, effectively nullifying the effort.</p> + <p>This would still allow an attacker to inject modified source files into + the build process.</p> + <p><b>Mitigation:</b>The best mitigation against + CVE-2020-11979 and CVE-2020-1945 still is to make Ant use a + directory that is only readable and writable by the current + user.</p> + <p>Users of versions 1.10.8 and 1.9.15 can use the Ant + property <code>ant.tmpdir</code> to point to such a + directory, users of versions 1.1 to 1.9.14 and 1.10.0 to + 1.10.7 should set the <code>java.io.tmpdir</code> system + property.</p> + <p>Ant 1.10.9 will also try to create a temporary directory + only accessible by the current user if neither of the + properties above is set but may fail to create one if the + underlying filesystem doesn't allow it.</p> + <p>Explicitly setting up a directory to use and set the + respective property is the only mitigation that will work on + every platform.</p> + <p>This was fixed in revisions + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=f7159e8a084a3fcb76b933d393df1fc855d74d78">f7159e8a084a3fcb76b933d393df1fc855d74d78</a> and + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428">87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428</a>.</p> + <p>This was first reported to the Security Team on 1 + June 2020 and made public on 30 September 2020</p> + <p>Affects: until 1.10.8</p> + <h4 class="subsection"> <a name="Fixed in Apache Ant 1.10.8"></a> Fixed in Apache Ant 1.10.8 </h4> Modified: ant/site/ant/production/srcdownload.html URL: http://svn.apache.org/viewvc/ant/site/ant/production/srcdownload.html?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/production/srcdownload.html (original) +++ ant/site/ant/production/srcdownload.html Wed Sep 30 16:56:57 2020 @@ -273,14 +273,13 @@ Other mirrors: <select name="Preferred"> features are developed for 1.10.x. We recommend using 1.10.x unless you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.9 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.8 and 1.9.15 have been released on -13-May-2020 and may not be available on all mirrors for a few -days.</div> +<div class="content">Ant 1.10.9 has been released on 30-Sep-2020 and +may not be available on all mirrors for a few days.</div> </div> <br /> <div class="warning"> @@ -310,29 +309,29 @@ days.</div> </li> </ul> <h3 class="section"> - <a name="1.10.8 release - requires minimum of Java 8 at runtime"></a> - 1.10.8 release - requires minimum of Java 8 at runtime + <a name="1.10.9 release - requires minimum of Java 8 at runtime"></a> + 1.10.9 release - requires minimum of Java 8 at runtime </h3> <ul> - <li>1.10.8 <code>.zip</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.zip">apache-ant-1.10.8-src.zip</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.gz">apache-ant-1.10.8-src.tar.gz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.bz2">apache-ant-1.10.8-src.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.xz">apache-ant-1.10.8-src.tar.xz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.sha512">SHA512</a>] + <li>1.10.9 <code>.zip</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.zip">apache-ant-1.10.9-src.zip</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.zip.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.tar.gz">apache-ant-1.10.9-src.tar.gz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.tar.bz2">apache-ant-1.10.9-src.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.tar.xz">apache-ant-1.10.9-src.tar.xz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.xz.sha512">SHA512</a>] </li> </ul> <h3 class="section"> @@ -356,17 +355,17 @@ directory</a>, rather than from a mirror using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.8-src.tar.gz.asc<br /> +% pgpv apache-ant-1.10.9-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.8-src.tar.gz.asc<br /> +% pgp apache-ant-1.10.9-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.8-src.tar.gz.asc +% gpg --verify apache-ant-1.10.9-src.tar.gz.asc </code></p> <p>Alternatively, you can verify the checksums on the files. Unix programs called <code>sha1</code>/<code>sha512</code> or Modified: ant/site/ant/sources/antnews.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/antnews.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/antnews.xml (original) +++ ant/site/ant/sources/antnews.xml Wed Sep 30 16:56:57 2020 @@ -28,6 +28,29 @@ </properties> <body> + <section name="Apache Ant 1.10.9"> + <h3>Sep 30, 2020 - Apache Ant 1.10.9 Released</h3> + <p>Apache Ant 1.10.9 are now available for download as source or + binary from + <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> + + <p>The Apache Ant team currently maintains two lines of + development. The 1.9.x releases require Java5 at runtime and 1.10.x + requires Java8 at runtime. Both lines are based off of Ant 1.9.7 and + the 1.9.x releases are mostly bug fix releases while additional new + features are developed for 1.10.x. We recommend using 1.10.x unless + you are required to use versions of Java prior to Java8 during the + build process.</p> + + <p>Ant 1.10.9 contains a bugfixes and support for using GraalVM + JavaScript inside the script family of tasks and types..</p> + + <p>It also addresses an insecure temporary file vulnerability + vulnerability, see the <a href="./security.html">security + report</a> for details.</p> + + </section> + <section name="Apache Ant 1.9.15 and 1.10.8"> <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or Modified: ant/site/ant/sources/bindownload.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/bindownload.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/bindownload.xml (original) +++ ant/site/ant/sources/bindownload.xml Wed Sep 30 16:56:57 2020 @@ -88,15 +88,14 @@ Other mirrors: <select name="Preferred"> you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.9 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.8 and 1.9.15 have been released on -13-May-2020 and may not be available on all mirrors for a few -days.</div> +<div class="content">Ant 1.10.9 has been released on 30-Sep-2020 and +may not be available on all mirrors for a few days.</div> </div> <br></br> <div class="warning"> @@ -126,27 +125,27 @@ days.</div> </ul> </section> -<section name="1.10.8 release - requires minimum of Java 8 at runtime"> +<section name="1.10.9 release - requires minimum of Java 8 at runtime"> <ul> - <li>1.10.8 <code>.zip</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.zip">apache-ant-1.10.8-bin.zip</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.zip.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.gz">apache-ant-1.10.8-bin.tar.gz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.bz2">apache-ant-1.10.8-bin.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/binaries/apache-ant-1.10.8-bin.tar.xz">apache-ant-1.10.8-bin.tar.xz</a> - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.8-bin.tar.xz.sha512">SHA512</a>] + <li>1.10.9 <code>.zip</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.zip">apache-ant-1.10.9-bin.zip</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.zip.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.tar.gz">apache-ant-1.10.9-bin.tar.gz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.tar.bz2">apache-ant-1.10.9-bin.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/binaries/apache-ant-1.10.9-bin.tar.xz">apache-ant-1.10.9-bin.tar.xz</a> + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/binaries/apache-ant-1.10.9-bin.tar.xz.sha512">SHA512</a>] </li> </ul> </section> @@ -176,17 +175,17 @@ using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.8-bin.tar.gz.asc<br /> +% pgpv apache-ant-1.10.9-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.8-bin.tar.gz.asc<br /> +% pgp apache-ant-1.10.9-bin.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.8-bin.tar.gz.asc +% gpg --verify apache-ant-1.10.9-bin.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> Modified: ant/site/ant/sources/faq.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/faq.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/faq.xml (original) +++ ant/site/ant/sources/faq.xml Wed Sep 30 16:56:57 2020 @@ -323,6 +323,10 @@ <td>1.10.8</td> <td>13 May 2020</td> </tr> + <tr> + <td>1.10.9</td> + <td>30 September 2020</td> + </tr> </table> </answer> </faq> Modified: ant/site/ant/sources/index.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/index.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/index.xml (original) +++ ant/site/ant/sources/index.xml Wed Sep 30 16:56:57 2020 @@ -56,9 +56,9 @@ the <a href="https://www.apache.org/">Apache Software Foundation</a>.</p> </section> - <section name="Apache Ant 1.9.15 and 1.10.8"> - <h3>May 13, 2020 - Apache Ant 1.9.15 and 1.10.8 Released</h3> - <p>Apache Ant 1.9.15 and 1.10.8 are now available for download as source or + <section name="Apache Ant 1.10.9"> + <h3>Sep 30, 2020 - Apache Ant 1.10.9 Released</h3> + <p>Apache Ant 1.10.9 are now available for download as source or binary from <a href="https://ant.apache.org/bindownload.cgi">https://ant.apache.org/bindownload.cgi</a>.</p> @@ -70,11 +70,10 @@ you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Ant 1.10.8 contains a superset of 1.9.15 - with the exception of - a few tasks and features that no longer work with Java8 anyway - (like the <code>apt</code> task).</p> + <p>Ant 1.10.9 contains a bugfixes and support for using GraalVM + JavaScript inside the script family of tasks and types..</p> - <p>Both releases address a insecure temporary file vulnerability + <p>It also addresses an insecure temporary file vulnerability vulnerability, see the <a href="./security.html">security report</a> for details.</p> Modified: ant/site/ant/sources/manualdownload.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/manualdownload.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/manualdownload.xml (original) +++ ant/site/ant/sources/manualdownload.xml Wed Sep 30 16:56:57 2020 @@ -83,15 +83,14 @@ Other mirrors: <select name="Preferred"> you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.9 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.8 and 1.9.15 have been released on -13-May-2020 and may not be available on all mirrors for a few -days.</div> +<div class="content">Ant 1.10.9 has been released on 30-Sep-2020 and +may not be available on all mirrors for a few days.</div> </div> <br></br> <div class="warning"> @@ -121,27 +120,27 @@ days.</div> </ul> </section> -<section name="1.10.8 release - requires minimum of Java 8 at runtime"> +<section name="1.10.9 release - requires minimum of Java 8 at runtime"> <ul> - <li>1.10.8 <code>.zip</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.zip">apache-ant-1.10.8-manual.zip</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.zip.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.gz">apache-ant-1.10.8-manual.tar.gz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.bz2">apache-ant-1.10.8-manual.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/manual/apache-ant-1.10.8-manual.tar.xz">apache-ant-1.10.8-manual.tar.xz</a> - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.8-manual.tar.xz.sha512">SHA512</a>] + <li>1.10.9 <code>.zip</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.zip">apache-ant-1.10.9-manual.zip</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.zip.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.tar.gz">apache-ant-1.10.9-manual.tar.gz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.tar.bz2">apache-ant-1.10.9-manual.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/manual/apache-ant-1.10.9-manual.tar.xz">apache-ant-1.10.9-manual.tar.xz</a> + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/manual/apache-ant-1.10.9-manual.tar.xz.sha512">SHA512</a>] </li> </ul> </section> @@ -169,17 +168,17 @@ using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.8-manual.tar.gz.asc<br /> +% pgpv apache-ant-1.10.9-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.8-manual.tar.gz.asc<br /> +% pgp apache-ant-1.10.9-manual.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.8-manual.tar.gz.asc +% gpg --verify apache-ant-1.10.9-manual.tar.gz.asc </code></p> <p>A command line version of <a href="https://www.gnupg.org/download/">GnuPG</a> Modified: ant/site/ant/sources/security.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/security.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/security.xml (original) +++ ant/site/ant/sources/security.xml Wed Sep 30 16:56:57 2020 @@ -82,6 +82,51 @@ the descriptions here are incomplete, please report them privately to the Apache Security Team. Thank you.</p> + <subsection name="Fixed in Apache Ant 1.10.9"> + <p><b>Medium: insecure temporary file vulnerability</b> <a + href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979">CVE-2020-11979</a></p> + + <p>As mitigation for <a + href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945">CVE-2020-1945</a> + Apache Ant 1.10.8 changed the permissions of temporary files + it created so that only the current user was allowed to + access them. Unfortunately the fixcrlf task deleted the + temporary file and created a new one without said + protection, effectively nullifying the effort.</p> + + <p>This would still allow an attacker to inject modified source files into + the build process.</p> + + <p><b>Mitigation:</b>The best mitigation against + CVE-2020-11979 and CVE-2020-1945 still is to make Ant use a + directory that is only readable and writable by the current + user.</p> + + <p>Users of versions 1.10.8 and 1.9.15 can use the Ant + property <code>ant.tmpdir</code> to point to such a + directory, users of versions 1.1 to 1.9.14 and 1.10.0 to + 1.10.7 should set the <code>java.io.tmpdir</code> system + property.</p> + + <p>Ant 1.10.9 will also try to create a temporary directory + only accessible by the current user if neither of the + properties above is set but may fail to create one if the + underlying filesystem doesn't allow it.</p> + + <p>Explicitly setting up a directory to use and set the + respective property is the only mitigation that will work on + every platform.</p> + + <p>This was fixed in revisions + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=f7159e8a084a3fcb76b933d393df1fc855d74d78">f7159e8a084a3fcb76b933d393df1fc855d74d78</a> and + <a href="https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428">87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428</a>.</p> + + <p>This was first reported to the Security Team on 1 + June 2020 and made public on 30 September 2020</p> + + <p>Affects: until 1.10.8</p> + </subsection> + <subsection name="Fixed in Apache Ant 1.10.8"> <p><b>Medium: insecure temporary file vulnerability</b> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945">CVE-2020-1945</a></p> Modified: ant/site/ant/sources/srcdownload.xml URL: http://svn.apache.org/viewvc/ant/site/ant/sources/srcdownload.xml?rev=1882160&r1=1882159&r2=1882160&view=diff ============================================================================== --- ant/site/ant/sources/srcdownload.xml (original) +++ ant/site/ant/sources/srcdownload.xml Wed Sep 30 16:56:57 2020 @@ -85,15 +85,14 @@ Other mirrors: <select name="Preferred"> you are required to use versions of Java prior to Java8 during the build process.</p> - <p>Currently, Apache Ant 1.9.15 and 1.10.8 are the best available + <p>Currently, Apache Ant 1.9.15 and 1.10.9 are the best available versions, see the <a href="[preferred]/ant/README.html">release notes</a>.</p> <div class="warning"> <div class="label">Note</div> -<div class="content">Ant 1.10.8 and 1.9.15 have been released on -13-May-2020 and may not be available on all mirrors for a few -days.</div> +<div class="content">Ant 1.10.9 has been released on 30-Sep-2020 and +may not be available on all mirrors for a few days.</div> </div> <br></br> <div class="warning"> @@ -123,27 +122,27 @@ days.</div> </ul> </section> -<section name="1.10.8 release - requires minimum of Java 8 at runtime"> +<section name="1.10.9 release - requires minimum of Java 8 at runtime"> <ul> - <li>1.10.8 <code>.zip</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.zip">apache-ant-1.10.8-src.zip</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.zip.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.gz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.gz">apache-ant-1.10.8-src.tar.gz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.gz.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.bz2</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.bz2">apache-ant-1.10.8-src.tar.bz2</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.bz2.sha512">SHA512</a>] - </li> - <li>1.10.8 <code>.tar.xz</code> archive: - <a href="[preferred]/ant/source/apache-ant-1.10.8-src.tar.xz">apache-ant-1.10.8-src.tar.xz</a> - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.asc">PGP</a>] - [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.8-src.tar.xz.sha512">SHA512</a>] + <li>1.10.9 <code>.zip</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.zip">apache-ant-1.10.9-src.zip</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.zip.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.zip.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.gz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.tar.gz">apache-ant-1.10.9-src.tar.gz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.gz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.gz.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.bz2</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.tar.bz2">apache-ant-1.10.9-src.tar.bz2</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.bz2.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.bz2.sha512">SHA512</a>] + </li> + <li>1.10.9 <code>.tar.xz</code> archive: + <a href="[preferred]/ant/source/apache-ant-1.10.9-src.tar.xz">apache-ant-1.10.9-src.tar.xz</a> + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.xz.asc">PGP</a>] + [<a href="https://downloads.apache.org/ant/source/apache-ant-1.10.9-src.tar.xz.sha512">SHA512</a>] </li> </ul> </section> @@ -173,17 +172,17 @@ using</p> <p><code> % pgpk -a KEYS<br /> -% pgpv apache-ant-1.10.8-src.tar.gz.asc<br /> +% pgpv apache-ant-1.10.9-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % pgp -ka KEYS<br /> -% pgp apache-ant-1.10.8-src.tar.gz.asc<br /> +% pgp apache-ant-1.10.9-src.tar.gz.asc<br /> </code> <em>or</em><br /> <code> % gpg --import KEYS<br /> -% gpg --verify apache-ant-1.10.8-src.tar.gz.asc +% gpg --verify apache-ant-1.10.9-src.tar.gz.asc </code></p> <p>Alternatively, you can verify the checksums on the files. Unix