Matthew Moss
> In lieu of specifics, can you provide a cvss? NVD doesn't have an analysis yet.

It would appear that NVD has CVSS at this time: https://nvd.nist.gov/vuln/detail/CVE-2022-35912 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@yamkazu The grails-gradle-plugin has been updated to 4.1.4.
That pull request was part of the 5.3.4 release, which did include the patch for CVE-2023-46131 but also created the plugin issue. Release 5.3.5 should resolve the plugin issue.
@jdaugherty > Snakeyaml is also being updated as part of the Grails 5.3.5 release and this in turn causes a substantial amount of plugin versions to mismatch / need upgrading....
My apologies for the problems. We're working on it. I should have an answer for you all soon.
For those who have had issues with 3.3.17 or 5.3.5, please give 3.3.18 or 5.3.6 a try. While fixing the CVE, an unrelated update was made that caused a major...
Version 4.1.x was also patched to 4.1.4 to revert the SnakeYAML change, and the blog post was updated with the fixed releases.
> Hi, Execution of grails command is failing. Isn't the projectVersion variable 4.1.4-SNAPSHOT in the first line of gradle.properties incorrect? Isn't it necessary to modify projectVersion=4.1.4?

I'm looking into this.
@motohi The 4.1.4 release should be fixed.
@puneetbehl Can you confirm/release v4.1.4 of the Gradle plugin?