Hotfix 2.14.2 (#273)

* Bump version 2.14.1 -> 2.14.2 * reformat file * bump dependencies * org.codehaus.groovy:groovy-bom:2.5.10 -> 2.5.14 * org.codehaus.groovy:groovy-all:2.5.10 -> 2.5.14 * org.osgi:osgi.core:7.0.0 -> 8.0.0 * com.github.everit-org.json-schema:org.everit.json.schema:1.12.1 -> 1.12.2 * org.apache.logging.log4j:log4j-api:2.15.0 -> 2.16.0 * org.apache.logging.log4j:log4j-core:2.15.0 -> 2.16.0 * Bump plugin versions * maven-surefire-plugin:2.21.0 -> 2.22.2 * org.codehaus.gmavenplus:gmavenplus-plugin:1.12.0 -> 1.12.1 * org.apache.maven.plugins:maven-site-plugin:3.7.1 -> 3.9.1 * org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0 -> 3.1.1 * Update CHANGELOG.rst * Introduce caching to codeql-analysis.yml * Update CHANGELOG.rst Co-authored-by: Steffengreiner <[email protected]> Co-authored-by: Steffengreiner <[email protected]>
qbicsoftware · Dec 17, 2021 · 46519c4 · 46519c4
1 parent 4707e74
commit 46519c4
Show file tree

Hide file tree

Showing 3 changed files with 256 additions and 222 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -45,6 +45,13 @@ jobs:
         java-version: 1.8
         settings-path: ${{ github.workspace }}
 
+    - name: Load local Maven repository cache
+      uses: actions/cache@v2
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -4,6 +4,30 @@ Changelog
 
 This project adheres to `Semantic Versioning <https://semver.org/>`_.
 
+2.14.2 (2021-12-16)
+-------------------
+
+**Added**
+
+**Fixed**
+
+* CVE-2021-45046
+
+**Dependencies**
+
+* `org.codehaus.groovy:groovy-bom:2.5.10` -> `2.5.14`
+* `org.codehaus.groovy:groovy-all:2.5.10` -> `2.5.14`
+* `org.osgi:osgi.core:7.0.0` -> 8.0.0
+* `com.github.everit-org.json-schema:org.everit.json.schema:1.12.1` -> `1.12.2`
+* `org.apache.logging.log4j:log4j-api:2.15.0` -> `2.16.0` (CVE-2021-45046)
+* `org.apache.logging.log4j:log4j-core:2.15.0` -> `2.16.0` (CVE-2021-45046)
+* `maven-surefire-plugin:2.21.0` -> `2.22.2`
+* `org.codehaus.gmavenplus:gmavenplus-plugin:1.12.0` -> `1.12.1`
+* `org.apache.maven.plugins:maven-site-plugin:3.7.1` -> `3.9.1`
+* `org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0` -> `3.1.1`
+
+**Deprecated**
+
 2.14.1 (2021-12-13)
 -------------------