Skip to content

v23.8.6

Compare
Choose a tag to compare
@github-actions github-actions released this 25 Aug 05:24
· 509 commits to main since this release
c22b02c

What's Changed

This is a security fix issue for sbt-airframe plugin, which internally uses coursier library for downloading artifacts from Maven repository. CVE-2022-46751 was an issue when parsing XML pom.xml files with DTD elements. Since coursier 2.1.6, XML DTD processing will be disabled. The risk is moderate as sbt-airframe uses coursier only for downloading airframe-http package.

  • sbt-airframe: Upgrade coursier to 2.1.6 to fix

🔗 Dependency Updates

🛠 Internal Updates

Full Changelog: v23.8.5...v23.8.6