Undocumented 3.3.0 Release

[Alfagun74]

My Renovate bot recently found an upgrade to version 3.3.0 for java-cfenv-boot, which is causing issues when I deploy my app to Cloud Foundry.

Link: java-cfenv-boot 3.3.0 on Maven

However, I checked the repository and noticed that version 3.3.0 doesn’t appear in the codebase or the releases tab.

Could this be a potential supply chain security issue?

[Alfagun74]

possibly related to https://github.com/pivotal-cf/java-cfenv/pull/282