Changelog

Added

  • Store suppressions on S3 to avoid frequent releases of poms. [BUILD-818]

Fixed

  • Dismiss false positive about jbpm-bpmn2-7.70.0.Final.jar CVE-2019-14839. [MGNLWORKFLOW-410]

  • Dismiss mismatched CVE about commons-betwixt-0.8.jar CVE-2022-0869. [BUILD-821]

  • Dismiss older false positive h2-1.4.200.jar CVE-2018-14335. [BUILD-609]

Changed

  • Removed workaround for older IntelliJ versions to pick up the right Java version. At least from IntelliJ 2022.1 onwards, specifying the --release flag is sufficient. For older versions setting the --source flag via the <maven.compiler.source> Maven property locally can be used as a workaround.

  • Upgrade to latest 7.1.0 OWASP dependency-check Maven plugin. [BUILD-803]

Upgrading

Upgrading should be straightforward. Core artifacts will start being updated with Magnolia 6.2.20 release.

  • No labels