Type B - Full IP Due Diligience (License, Provenance, Scanning)

All third-party content is reviewed and certified as license-compatible with the project license, and has had the provenance validated and content scanned for anomalies by the Eclipse IP Team.

4.2.0

Papyrus 4.2.0 will provide improvements on the following topics:

Release Date: 
Wednesday, December 19, 2018

5.1.2

Bug Fixes

CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

JGit itself is not affected by this vulnerability. This release implements validation of .gitmodules files in JGit to protect unguarded tools.

Release Date: 
Saturday, October 6, 2018

4.11.4

Bug Fixes

CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

JGit itself is not affected by this vulnerability. This release implements validation of .gitmodules files in JGit to protect unguarded tools.

Release Date: 
Saturday, October 6, 2018

4.9.6

Bug Fixes

CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

JGit itself is not affected by this vulnerability. This release implements validation of .gitmodules files in JGit to protect unguarded tools.

Release Date: 
Saturday, October 6, 2018

4.7.5

Bug Fixes

CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

JGit itself is not affected by this vulnerability. This release implements validation of .gitmodules files in JGit to protect unguarded tools.

Release Date: 
Saturday, October 6, 2018

9.5.4

Bug fix release for issues identified following release of CDT 9.5.3. The main resolved issue is adding support for GCC 8's libstdc++ by adding support for __is_constructible type trait intrinsic, see Bug 539052

Release Date: 
Monday, October 8, 2018

5.2.0

We plan to contribute this release to the 2018-12 simultaneous release of Eclipse

Details TBD

Release Date: 
Wednesday, December 19, 2018