Hi, I will take care about release 3.9.15
On Mon, 6 Apr 2026 at 17:27, Clebert Suconic <[email protected]> wrote: > Thanks a lot > > Is there anyone planning to release it already? it would be nice to > have a release on it... > > Thanks > > On Thu, Apr 2, 2026 at 4:00 PM Slawomir Jaranowski > <[email protected]> wrote: > > > > Hi, > > > > Fixed for 3.9.15 - > https://github.com/apache/maven/milestone/125?closed=1 > > > > > > > > > > I add info at > > https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec > > thate plexus-utils 3.6.1 alos has a fix > > > > > > On Thu, 2 Apr 2026 at 14:24, Clebert Suconic <[email protected]> > > wrote: > > > > > From my line of usage: These two jars: > > > > > > org.apache.maven:maven-plugin-api:jar:3.9.14 > > > org.apache.maven:maven-core:jar:3.9.14 > > > > > > > > > If you look on the pom, you will see: > > > > > > https://github.com/apache/maven/blob/maven-3.9.x/pom.xml#L138 > > > > > > On Thu, Apr 2, 2026 at 7:22 AM Guillaume Nodet <[email protected]> > wrote: > > > > > > > > Do you know which jars depend on this plexus-utils 3.6.0 ? > > > > > > > > Le jeu. 2 avr. 2026 à 13:02, Clebert Suconic < > [email protected]> > > > a > > > > écrit : > > > > > > > > > Plexus utils 3.6.0 is affected by a CVE: > > > > > > > > > > https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec > > > > > > > > > > > > > > > > > > > > Would be possible to update the dependency by a non affected > version > > > > > (I think 3.9.0?) and have a maven 3.9.15 with the upgrade? > > > > > > > > > > I develop a maven plugin and that makes my code to appear in > security > > > > > scanners, even though the dependency has a provided scope and is > > > > > downloaded by Maven itself. > > > > > > > > > > > > > > > > > > > > Thank you > > > > > > > > > > -- > > > > > Clebert Suconic > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [email protected] > > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > > -- > > > > ------------------------ > > > > Guillaume Nodet > > > > > > > > > > > > -- > > > Clebert Suconic > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > > -- > > Sławomir Jaranowski > > > > -- > Clebert Suconic > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Sławomir Jaranowski
