v23.8.6
What's Changed
This is a security fix release for the sbt-airframe plugin, which internally uses the coursier library to download artifacts from Maven repositories. CVE-2022-46751 was an issue when parsing XML pom.xml files with DTD elements. As of coursier 2.1.6, XML DTD processing is disabled. The risk is moderate, as sbt-airframe uses coursier only for downloading the airframe-http package.
- sbt-airframe: Upgrade coursier to 2.1.6 to fix
🔗 Dependency Updates
- Update airframe-codec, airframe-control, ... to 23.8.5 by @xerial-bot in #3157
- Update coursier to 2.1.6 by @xerial-bot in #3159
- Update sbt, sbt-dependency-tree, ... to 1.9.4 by @xerial-bot in #3162
🛠 Internal Updates
- Update trino-main to 425 by @xerial-bot in #3161
Full Changelog: v23.8.5...v23.8.6