[ALSA-2026:38500] Important: maven:3.9 security update
Type:
security
Severity:
important
Release date:
2026-07-14
Description:
Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fix(es): * org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (CVE-2025-67030) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 jansi-2.4.1-12.module_el9.6.0+148+fb6dc857.aarch64.rpm 06fde97877dd270f0ecf5b013d43984712428ad1ba5f5b5d8a393322896064f6
noarch sisu-0.9.0~M3-7.module_el9.6.0+148+fb6dc857.noarch.rpm 0068d3862eac581d1244a88f8aabd8da4bc2a149214df3e6332f6d1881756263
noarch maven-lib-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm 013a955ca67a470521cf125f30fe0c80d6fc2f0cd4074e5467b9bc06e94a7920
noarch google-guice-5.1.0-23.module_el9.6.0+148+fb6dc857.noarch.rpm 125ab240f75159463d459a50b70127aa61a66ed6466c1b98e7e72a65156116b8
noarch apache-commons-io-2.16.1-9.module_el9.6.0+148+fb6dc857.noarch.rpm 16174a73cfc84903af6f4471c24018b74535c335cf5aa29d3a82dd0f88facbbc
noarch maven-openjdk11-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm 193ca7922bdab1bebc00cfc84cdb04c583329734a296dae47377e44e46d9f861
noarch maven-resolver-1.9.22-6.module_el9.6.0+148+fb6dc857.noarch.rpm 206efd1b0da9d7053e07d3fa65d24886f20e2ddddbad3c6f2837145dbc559005
noarch plexus-containers-component-annotations-2.2.0-10.module_el9.6.0+148+fb6dc857.noarch.rpm 23f68d37cb57f3040a2f06ca0ad0b7425c4776bef698284bb5c32641e3d9b9ce
noarch maven-openjdk17-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm 2fa08ecea399a1912665d3fb1703c05fe278656bb5eb2c35afd45a42555d2063
noarch plexus-sec-dispatcher-2.0-28.module_el9.6.0+148+fb6dc857.noarch.rpm 355f079b47dd677a1fa96c87b03ff84dc41d9fa1b1f5d216e09d5b64ebd01beb
noarch plexus-utils-3.5.1-17.module_el9.8.0+282+e62fc403.1.noarch.rpm 42ffb75bbd9b3e338c7d32e8d104f10f840c61eef11abca0bc8c1d3f585d9fce
noarch jcl-over-slf4j-1.7.36-9.module_el9.6.0+148+fb6dc857.noarch.rpm 44944cc4a43b396145ddfff53aee410c0ea976fa7fb408e461af66e2350c3d2a
noarch slf4j-1.7.36-9.module_el9.6.0+148+fb6dc857.noarch.rpm 451b9bbb1235ad094a6c78342fb8355ff77d4fd6b3669e64dc9f8b556a10047c
noarch plexus-classworlds-2.8.0-9.module_el9.6.0+148+fb6dc857.noarch.rpm 51d092c60f21d54c339c021d92cc8fef9003e664d4a24e6c7de8ce46112eb5ee
noarch apache-commons-cli-1.9.0-4.module_el9.6.0+148+fb6dc857.noarch.rpm 56cab142f75ee073a33918f63cb431f3f149d9759be85e2a291721a35b661a10
noarch maven-openjdk25-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm 754addd6d3f04ab900c47775cfc8190a8da0985c86ebc0d8b3e1d6d2a98e9d8f
noarch plexus-interpolation-1.27-10.module_el9.6.0+148+fb6dc857.noarch.rpm 7ff65c99b5cfb055a1ba6ce4e965c70bd7e9e43550ce7df4fd3ab16c917ac172
noarch httpcomponents-core-4.4.16-21.module_el9.6.0+148+fb6dc857.noarch.rpm 8ab2f7de652b168e63235a2cdb1aa18bfdd65874de65b98131071fff64308595
noarch maven-unbound-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm 98411993464cfc1be59b326861976a020c081b9ecb3e00020886626c0f5738cd
noarch apache-commons-codec-1.17.1-8.module_el9.6.0+148+fb6dc857.noarch.rpm 99d95463c03e6bf061ba1d4cee25e8001708017cd08afca31f787641bda5c216
noarch maven-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm 9dc575ec379acf23c42f2f24723564418f241254fd0ecc2609f7721d04615bbc
noarch plexus-cipher-2.0-25.module_el9.6.0+148+fb6dc857.noarch.rpm 9ee651942405bd06f4f0051fc30526737f6dae92e090ce141e202372281eeac6
noarch atinject-1.0.5-14.module_el9.6.0+148+fb6dc857.noarch.rpm a2970b4cf013e030528956075c7a5fd78763309f8a33b72e6aab2de9456b5d36
noarch maven-openjdk8-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm a5c21f9b7b9b729197addc6cf1f0acfbaf7a7e98b3b98d64e1ae4cd91276ebe1
noarch jakarta-annotations-1.3.5-38.module_el9.6.0+148+fb6dc857.noarch.rpm a5cd127cea4d1a3b7d5976617ccedcec1a881b8b993ee1d4b3a74c971c90daae
noarch guava-33.3.0-5.module_el9.6.0+148+fb6dc857.noarch.rpm ad3c8ee977ad4ba8691c734349c9b4f0099c2db54c387a97a4386b3dd390a494
noarch httpcomponents-client-4.5.14-21.module_el9.6.0+148+fb6dc857.noarch.rpm add1d5437455f933172e1a1e8d88d3d830a27744aec457792abf5e2c38281688
noarch jsr-305-3.0.2-36.module_el9.6.0+148+fb6dc857.noarch.rpm bde7485a59bd2cebcec0886b030996bbd471cd9d2a01e133886602602ab3ce3a
noarch maven-shared-utils-3.4.2-19.module_el9.6.0+148+fb6dc857.noarch.rpm c3fb1a2a3f787c705c7c5ea4b59d8603aa51215e2f4248e13fd79faef4b81552
noarch maven-wagon-3.5.3-17.module_el9.6.0+148+fb6dc857.noarch.rpm c637e1092cac547cd8b9bcae126bc7e2d5d138f8862aca9493ac13301804da08
noarch maven-openjdk21-3.9.9-13.module_el9.8.0+229+787fb9a7.noarch.rpm c6c41819a4134c9548a573ee36bf34df4d4b3276008fe9741b37e2751e159c1b
noarch aopalliance-1.0-51.module_el9.6.0+148+fb6dc857.noarch.rpm d8789fd27e9fcd05738d1310118583738d264ee4d5a84ece00c3e06a71ea6d7f
ppc64le jansi-2.4.1-12.module_el9.6.0+148+fb6dc857.ppc64le.rpm 77ba76736772511b7878fef5a19af9d9816883fdcbcd35e5c8dfc761e880b161
s390x jansi-2.4.1-12.module_el9.6.0+148+fb6dc857.s390x.rpm ac5242eaa56897862277e8078da6bca823a703e0aeef9ef4b76e7e5dc5732909
x86_64 jansi-2.4.1-12.module_el9.6.0+148+fb6dc857.x86_64.rpm 32cfff77103127edce3f33c6e08f16c517b90c6a872fd2a02ca96b3496df3ada
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.