Dear Codehaus Cargo enthusiasts
As announced on our mailing list a couple days back, Apache Ant versions Codehaus Cargo heavily relies on have some security issues, potentially leaking sensitive information or even allow an attacker to inject modified source files into the Codehaus Cargo container configuration generation process.
To ease the upgrade of the Apache Ant version used, we are happy to announce Codehaus Cargo 1.8.1, which has one improvement: [CARGO-1528] - Upgrade to Apache Ant 1.9.15.
To switch to this latest version:
Users of the Maven 2 / Maven 3 plugin simply need to use the Codehaus Cargo plugin version 1.8.1
Users of the Java API can download the new Uberjar from https://repo.maven.apache.org/maven2/org/codehaus/cargo/cargo-core-uberjar/1.8.1/cargo-core-uberjar-1.8.1.jar
Similarly, users of the ANT tasks can download the new ANT tasks from https://repo.maven.apache.org/maven2/org/codehaus/cargo/cargo-ant/1.8.1/cargo-ant-1.8.1.jar
Finally, the ones who want to see the Cargo Daemon can get it from https://repo.maven.apache.org/maven2/org/codehaus/cargo/cargo-daemon-webapp/1.8.1/cargo-daemon-webapp-1.8.1.war and either use the WAR directly as an executable JAR or as a WAR file deployed on another Web container
Please also do pass this message to any projects you know of, and ensure they upgrade their Codehaus Cargo, and if require Apache Ant, dependencies.
Enjoy!
-- S. Ali Tokmen http://ali.tokmen.com/ http://contact.ali.tokmen.com/