-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Apache Ant Team is pleased to announce the release of Apache Ivy 2.6.0.
Apache Ivy is a dependency manager focusing on flexibility and simplicity with strong integration into the Apache Ant build tool. Ivy 2.6.0 is bugfix and feature release and also addresses an path traversal vulnerability in Packageresolver, see the upcoming CVE announcement or https://ant.apache.org/ivy/security.html for details. Source and binary distributions are available for download from the Apache Ivy download site: https://ant.apache.org/ivy/download.cgi When downloading, please verify signatures using the KEYS file available at the above location when downloading the release. Changes in 2.6.0 include: ========================= - - a new conflict manager handles conflicts the same way Maven does. - - ivy_deliver merges extension XML namespaces now. - - CVE-2026-26032: path traversal vulnerability in PackagerResolver For complete information on Ivy, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Ivy website: https://ant.apache.org/ivy/ Stefan Bodewig, on behalf of the Apache Ant community -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAmpXpHYACgkQohFa4V9ri3IxjwCfdvTA3LzDg5/s0H/GeF9yn0xv EMgAnRmgq7w9H9G2UcA3Fp1lk05KVbhD =47/f -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
