It is probably easier to do a backport of maven-shared-utils with the vulnerability fix.
Robert On 27-6-2021 00:48:00, Michael Osipov <micha...@apache.org> wrote: Folks, I have now back ported a lot of issues to maven-3.8.x which aren't related to resume, producer/consumer, etc. Many are just an output of Resolver update, no code changes in Maven itself. The following are open now: 1. MNG-7034: waiting for a backport from gnodet@ since my humble try did not work 2. Without MNG-6965 I see MNG-7115 constantly. 3. Jansi/maven-shared-utils upgrade: > https://issues.apache.org/jira/issues/?jql=project%20%3D%2012316922%20AND%20fixVersion%20%3D%2012349448%20%20AND%20(summary%20~%20jansi%20OR%20text%20~%20jansi)%20and%20issuekey%20not%20in%20(MNG-6915%2CMNG-7087%2CMNG-6914)%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC Looks like a lot, but most are fixed by Jansi upgrade. Anyone wants to help out with Jansi? I see no further issues from master worth/possible back porting to maven-3.8.x. It we can resolve those from above, I'd start a release in July. Michael --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org