[ALSA-2022:1860] Moderate: maven:3.6 security and enhancement update
Type:
security
Severity:
moderate
Release date:
2022-05-10
Description:
Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fix(es): * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages:
  • maven-resolver-1.4.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • jcl-over-slf4j-1.7.28-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • plexus-containers-component-annotations-2.1.0-2.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • slf4j-1.7.28-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • apache-commons-codec-1.13-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • atinject-1-31.20100611svn86.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • plexus-interpolation-1.26-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-openjdk11-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-lib-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • sisu-0.3.4-2.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • plexus-classworlds-2.6.0-4.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-openjdk8-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • apache-commons-cli-1.4-7.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • jsoup-1.12.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-shared-utils-3.2.1-0.4.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • plexus-utils-3.3.0-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • jansi-1.18-4.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-wagon-3.3.4-2.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • plexus-sec-dispatcher-1.4-29.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • httpcomponents-core-4.4.12-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • guava-28.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • cdi-api-2.0.1-3.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • maven-openjdk17-3.6.2-7.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • apache-commons-lang3-3.9-4.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • httpcomponents-client-4.5.10-4.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • apache-commons-io-2.6-6.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • google-guice-4.2.2-4.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • geronimo-annotation-1.0-26.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • plexus-cipher-1.7-17.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • jsr-305-0-0.25.20130910svn.module_el8.6.0+2786+d7c38b21.noarch.rpm
  • aopalliance-1.0-20.module_el8.6.0+2786+d7c38b21.noarch.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.