yotamc-ms closed pull request #206: Fix CVE-2021-26291: Bump Maven from 3.2.5
to 3.9.5
URL: https://github.com/apache/maven-compiler-plugin/pull/206
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to t
cstamas commented on PR #206:
URL:
https://github.com/apache/maven-compiler-plugin/pull/206#issuecomment-1784079854
That is irrelevant, as at runtime the "maven runtime" is swapped out to
currently used Maven version. In other words, Maven 3.2.5 is used ONLY if you
have it installed and us
yotamc-ms commented on PR #206:
URL:
https://github.com/apache/maven-compiler-plugin/pull/206#issuecomment-1784078664
maven-compiler-plugin depends on a vulnerable version of maven (3.2.5), you
can see it here:
https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-compiler-p
olamy commented on PR #206:
URL:
https://github.com/apache/maven-compiler-plugin/pull/206#issuecomment-1784065144
what is the link between this (maven-compiler-plugin) and CVE-2021-26291?
I guess some security scanner reporting some false positive issue?
--
This is an automated mes
yotamc-ms opened a new pull request, #206:
URL: https://github.com/apache/maven-compiler-plugin/pull/206
Following this checklist to help us incorporate your
contribution quickly and easily:
- [ ] Make sure there is a [JIRA
issue](https://issues.apache.org/jira/browse/MCOMPILER)