A nasty vulnerability was found in sbt! ⚠️ Specifically, a command injection flaw affecting Windows users when resolving source dependencies.
The good news is that it's already fixed. If you build on Windows, make sure to update your project to sbt 1.12.8 or sbt 2.0.0-RC10 immediately.
#scala

Fixing a Command Injection Vulnerability in sbt
During our ongoing work on sbt 2, we discovered and fixed a command injection vulnerability affecting sbt on Windows.



