[MCHANGES-455] Freshly released plugin contains CVE-warnings

[jira-importer]

Philipp Ottlinger opened MCHANGES-455 and commented

I was happy to find the new RC 3.0.0-M1 ... when I had a look at

 

https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-changes-plugin/3.0.0-M1

I already saw 2 CVE-warnings. Not sure how easy these can be fixed in the next release cycle.

 

Thanks for all your work and help

---

Affects: 3.0.0-M1

Issue Links:

• MCHANGES-454 Deprecate Trac integration

[jira-importer]

Slawomir Jaranowski commented

• xmlrpc-common - is needed by Trac integration - there is no newer version .... by the way Trac is deprecated and I would like to delete it MCHANGES-454
• maven-core is a provided dependencies - not use by plugin in runtime - current executing Maven by user is used

[jira-importer]

Philipp Ottlinger commented

Thanks for having a closer look - fingers crossed for the upcoming release and thanks&kudos again for all your work sjaranowski