-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Ant Team is pleased to announce the release of Apache Ivy
2.6.0.

Apache Ivy is a dependency manager focusing on flexibility and
simplicity with strong integration into the Apache Ant build tool.

Ivy 2.6.0 is bugfix and feature release and also addresses an path
traversal vulnerability in Packageresolver, see the upcoming CVE
announcement or https://ant.apache.org/ivy/security.html for details.

Source and binary distributions are available for download from the
Apache Ivy download site:

https://ant.apache.org/ivy/download.cgi

When downloading, please verify signatures using the KEYS file available
at the above location when downloading the release.

Changes in 2.6.0 include:
=========================

- - a new conflict manager handles conflicts the same way Maven does.
- - ivy_deliver merges extension XML namespaces now.
- - CVE-2026-26032: path traversal vulnerability in PackagerResolver

For complete information on Ivy, including instructions on how to submit
bug reports, patches, or suggestions for improvement, see the Apache Ivy
website:

https://ant.apache.org/ivy/

Stefan Bodewig, on behalf of the Apache Ant community
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAmpXpHYACgkQohFa4V9ri3IxjwCfdvTA3LzDg5/s0H/GeF9yn0xv
EMgAnRmgq7w9H9G2UcA3Fp1lk05KVbhD
=47/f
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to