RELEASED: Public: 2018-08-15
Resolved issues
-
Remove erroneously bundled libraries from the plugin (CORE-505)
The plugin incorrect bundled some libraries (including
plexus-utils
) inside the plugin. The bundled version ofplexus-utils
contained a vulnerability to CVE-2017-1000487, however, this plugin did not use the vulnerable codepath so there is was vulnerability in the plugin itself.