Update old release notes for CVE-2022-42920

garydgregory · garydgregory · commit 5d025cd60a3f · 2026-01-12T16:13:27.000-05:00
CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
@@ -613,6 +613,7 @@ Apache Commons BCEL 6.6.0!
 The Byte Code Engineering Library (BCEL) is designed to provide users with a convenient way to analyze, create, and manipulate compiled .class files. 
 Classes are represented by objects containing all the symbolic information of the given class: methods, fields, and bytecode instructions.
 
+Fixes CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing.
 
 New Features
 -------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -315,7 +315,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action                  type="update" dev="ggregory" due-to="Gary Gregory">Bump spotbugs-maven-plugub from 4.7.2.1 to 4.7.2.2.</action>
       <action                  type="update" dev="ggregory" due-to="Gary Gregory">Bump pmd from 6.50.0 to 6.51.0.</action>
     </release>
-    <release version="6.6.0" date="2022-10-08" description="Minor feature and bug fix release.">
+    <release version="6.6.0" date="2022-10-08" description="Minor feature and bug fix release. Fixes CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing">
       <!-- FIX -->
       <action                  type="fix" dev="ggregory" due-to="Mark Roberts, Gary Gregory">Improve test case coverage; fix Utility.encode bug #46.</action>
       <action issue="BCEL-342" type="fix" dev="ggregory" due-to="Allon Murienik, Gary Gregory">Migrate test suite to JUnit Jupiter #68.</action>
