Eclipse JGit: Java implementation of Git 7.2.1 | projects.eclipse.org

Bug Fixes

#157 Fix package name of spring boot JarLauncher class in jgit.sh

Security Fixes

The following changes fix CVE-2025-4949:

ManifestParser: Do not accept DOCTYPE and entities to harden XML parser
AmazonS3: Do not accept DOCTYPE and entities to harden XML parser

Kudos to Simon Gerst for reporting this vulnerability.

Release Date

Thursday, May 15, 2025 - 12:00

Release Type

Service release (bug fixes only)

Back to the top