-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Ant Team is pleased to announce the releases of Apache Ant
1.9.12 and 1.10.4.

Apache Ant is a Java library and command-line tool that helps building
software.

The Apache Ant team currently maintains two lines of development. The
1.9.x releases require Java5 at runtime and 1.10.x requires Java8 at
runtime. Both lines are based off of Ant 1.9.7 and the 1.9.x releases
are mostly bug fix releases while additional new features are developed
for 1.10.x. We recommend using 1.10.4 unless you are required to use
versions of Java prior to Java8 during the build process.

Ant 1.10.4 contains a superset of 1.9.12 - with the exception of a few
tasks and features that no longer work with Java8 anyway (like the apt
task).

Both releases are mostly bug fix releases with a few new features
being added. In both releases the untar, unjar and unzip will no
longer extract entries whose names would make the created files be
placed outside of the destination directory by default. This is based
on a recommendation by the Snyk Security Research Team.

Source and binary distributions are available for download from the
Apache Ant download site:

http://ant.apache.org/bindownload.cgi
http://ant.apache.org/srcdownload.cgi

When downloading, please verify signatures using the KEYS file available
at the above location when downloading the release.

Changes in 1.10.4 include:
==========================

Changes that could break older environments:
- -------------------------------------------

* <unzip>, <unjar> and <untar> will no longer extract entries whose
names would make the created files be placed outside of the
destination directory anymore by default. A new attribute
allowFilesToEscapeDest can be used to override the behavior.
Another special case is when stripAbsolutePathSpec is false (which
no longer is the default) and the entry's name starts with a
(back)slash and allowFilesToEscapeDest hasn't been specified
explicitly, in this case the file may be created outside of the
dest directory as well.
In addition stripAbsolutePathSpec is now true by default.
Based on a recommendation by the Snyk Security Research Team.

Fixed bugs:
- -----------

* Delay the class initialization of the test classes until they are
passed to JUnit. This way we can avoid that failing static initializers
from non-test classes are reported as error when the 'skipNonTests' option
is 'true'.
Bugzilla Report 60062

* The junit task when used with includeantruntime="no" was incorrectly
printing a warning about multiple versions of ant detected in path

* <cab> died with a NullPointerException since Ant 1.10.2.
Bugzilla Report 62335

* The <depend> task would fail with
"java.lang.ClassFormatError: Invalid Constant Pool entry Type 19" while
parsing a module-info.class. The task is compatible with
Java bytecode version 53 now.
Bug reported by Simon IJskes https://issues.apache.org/jira/browse/NETBEANS-781

* Default and SecureInputHandler will now raise an error when then
end of the input stream (usually System.in or System.console) are
reached before a valid input has been read.

* junitreport does not list testsuites that fail to start any tests
because of an exception inside the all-tests and alltests-errors frames.
Bugzilla Report 62443

Other changes:
- --------------

* AntAssert is deprecated, assertThat from JUnit 4.4+, Hamcrest matchers and/or
ExpectedException rule provide equivalent functionality

* PumpStreamHandler now explicitly verifies the streams for output
and error are not null and will throw an exception if they
are. This way creating a PumpStreamHandler will fail early as
opposed to some obscure errors later when closing streams or
finishing threads might fail.
Bugzilla Report 62148

* <property> has a new attribute runtime which can be used to set
properties with values taken as snapshots from the
availableProcessors, freeMemory, maxMemory and totalMemory methods
of the Java Runtime class.

* linecontains filter now has a new "matchAny" attribute which when
set to "true" allows any (instead of all) of the user-specified
strings to be present in the line.
Bugzilla Report 62313

* <resourcelist> has a new basedir attribute that can be used to
resolve relative names and provides a root for the FileResources
generated.
Bugzilla Report 62379

* The <includesfile> and <excludesfile> nested elements of
<patternset> and <fileset> now support an encoding attribute that
can be used to specify the file's encoding.
Bugzilla Report 62379

* New file selectors, posixGroup and posixPermissions, are available.
The new selectors and related ownedBy selector have "followSymlinks"
attribute that defaults to "true" for consistency.
Bugzilla Report 22370

* The junitlauncher task now has a "printSummary" attribute which when
set to "true" will print the test execution summary to System.out.

Changes in 1.9.12 include:
==========================

Changes that could break older environments:
- -------------------------------------------

* <unzip>, <unjar> and <untar> will no longer extract entries whose
names would make the created files be placed outside of the
destination directory anymore by default. A new attribute
allowFilesToEscapeDest can be used to override the behavior.
Another special case is when stripAbsolutePathSpec is false (which
no longer is the default) and the entry's name starts with a
(back)slash and allowFilesToEscapeDest hasn't been specified
explicitly, in this case the file may be created outside of the
dest directory as well.
In addition stripAbsolutePathSpec is now true by default.
Based on a recommendation by the Snyk Security Research Team.

Fixed bugs:
- -----------

* Delay the class initialization of the test classes until they are
passed to JUnit. This way we can avoid that failing static initializers
from non-test classes are reported as error when the 'skipNonTests' option
is 'true'.
Bugzilla Report 60062

* The junit task when used with includeantruntime="no" was incorrectly
printing a warning about multiple versions of ant detected in path

* Default and SecureInputHandler will now raise an error when then
end of the input stream (usually System.in or System.console) are
reached before a valid input has been read.

* junitreport does not list testsuites that fail to start any tests
because of an exception inside the all-tests and alltests-errors frames.
Bugzilla Report 62443

Other changes:
- --------------

* PumpStreamHandler now explicitly verifies the streams for output
and error are not null and will throw an exception if they
are. This way creating a PumpStreamHandler will fail early as
opposed to some obscure errors later when closing streams or
finishing threads might fail.
Bugzilla Report 62148

* <property> has a new attribute runtime which can be used to set
properties with values taken as snapshots from the
availableProcessors, freeMemory, maxMemory and totalMemory methods
of the Java Runtime class.

* <resourcelist> has a new basedir attribute that can be used to
resolve relative names and provides a root for the FileResources
generated.
Bugzilla Report 62379

* The <includesfile> and <excludesfile> nested elements of
<patternset> and <fileset> now support an encoding attribute that
can be used to specify the file's encoding.
Bugzilla Report 62379

For complete information on Ant, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Ant website:

http://ant.apache.org/

Stefan Bodewig, on behalf of the Apache Ant community
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlstGDEACgkQohFa4V9ri3LtGwCffwQJhD6PKZ06vNHCFkyumYuX
EWQAoJrQ1BnVQmg4FVY507woJbhzvVQW
=qV2y
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: user-***@ant.apache.org
For additional commands, e-mail: user-***@ant.apache.org