Hi everyone,

I noticed that the latest released version of the maven-jar-plugin appears to be 3.5.0<https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-jar-plugin/3.5.0>.
That version is reported as having two CVEs affecting its dependencies, which is currently triggering security warnings in downstream usage.

I also noticed that PR #516<https://github.com/apache/maven-jar-plugin/pull/516#event-21980579791> updates plexus-archiver (from 4.10.4 to 4.11.0) which appears to address the dependency versions flagged by the reported CVEs.

Is there any information about the current status of the next release?

Best regards,
João
