Skip to content

1.9.4
Compare
Choose a tag to compare
@eed3si9n eed3si9n released this 25 Aug 01:32
· 47 commits to 1.9.x since this release
v1.9.4
This tag was signed with the committer’s verified signature.
eed3si9n eugene yokota
GPG key ID: 37890E298D9A2BFA
Learn about vigilant mode.
cdaae3b

CVE-2022-46751

CVE-2022-46751 is a security vulnerability discovered in Apache Ivy, but found also in Coursier.

With coordination with Apache Foundation, Adrien Piquerez (@adpi2) from Scala Center backported the fix to both our Ivy 2.3 fork and Coursier. sbt 1.9.4 updates them to the fixed versions.

Other updates

  • Fixes sbt_script lookup by replacing all spaces with %20 (not only the first one) in the path. by @arturaz in #7349
  • Fixes scala-debug-adapter#543: Maintain order of internal deps by @adpi2 in #7347
  • Removes conscriptConfigs task, not used and needed(?) anymore by @mkurz in #7353
  • Adds a Scala 3 seed to the sbt new menu by @SethTisue in #7354

new contributors

Full Changelog: v1.9.3...v1.9.4

Contributors

arturaz, SethTisue, and 2 other contributors
Assets 11