jira-importer commented on issue #544: URL: https://github.com/apache/maven-deploy-plugin/issues/544#issuecomment-2771550613
**[Alexander Kriegisch](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=kriegaex)** commented Sorry, [Michael Osipov](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=michael-o), we posted at the same time. I just documented the same fix in my edit above, see links and screenshot. Whatever "CVE fixes" might mean, 3.8.x should contain this fix too. It is rather difficult to understand for users that the upcoming 3.6.4 will contain a fix which in a higher version 3.8.x is not fixed. It might urge people to downgrade, which always feels a bit odd. Sorry for not knowing the ins and outs of Maven version numbers, I am sure there is a good explanation for it - just not an intuitive one. 😉 **Update:** I see, [CVE = Common Vulnerabilities and Exposures](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
