Upgrade maven-assembly-plugin to 3.7.1 - CVE-2023-37460

This bumps plexus-archiver to 4.9.2, which fixes CVE-2023-37460 (starting from 4.8) see: - https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317220&version=12353243 - https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317220&version=12354406 - https://nvd.nist.gov/vuln/detail/CVE-2023-37460
cantaloupe-project · Jul 30, 2024 · 58018db · 58018db
1 parent 5166598
commit 58018db
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -371,7 +371,7 @@
         <dependency>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-assembly-plugin</artifactId>
-            <version>3.6.0</version>
+            <version>3.7.1</version>
             <type>maven-plugin</type>
         </dependency>
         <!-- Used by S3Source & S3Cache -->
@@ -503,7 +503,7 @@
             <!-- Assemble the JAR into a release package. -->
             <plugin>
                 <artifactId>maven-assembly-plugin</artifactId>
-                <version>3.6.0</version>
+                <version>3.7.1</version>
                 <executions>
                     <execution>
                         <phase>package</phase>