commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chtom...@apache.org
Subject [43/50] commons-collections git commit: history.xml is missing version 3.2.2.
Date Tue, 11 Jul 2017 17:56:13 GMT
history.xml is missing version 3.2.2.

git-svn-id: https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X@1714253
13f79535-47bb-0310-9956-ffa450edef68


Project: http://git-wip-us.apache.org/repos/asf/commons-collections/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-collections/commit/ad0f9faf
Tree: http://git-wip-us.apache.org/repos/asf/commons-collections/tree/ad0f9faf
Diff: http://git-wip-us.apache.org/repos/asf/commons-collections/diff/ad0f9faf

Branch: refs/heads/COLLECTIONS_3_2_X
Commit: ad0f9faf5e2ad4913c205ffd2db274dcd5baacaa
Parents: 6a3dbcd
Author: Gary D. Gregory <ggregory@apache.org>
Authored: Fri Nov 13 18:55:07 2015 +0000
Committer: Gary D. Gregory <ggregory@apache.org>
Committed: Fri Nov 13 18:55:07 2015 +0000

----------------------------------------------------------------------
 xdocs/history.xml | 8 ++++++++
 1 file changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/commons-collections/blob/ad0f9faf/xdocs/history.xml
----------------------------------------------------------------------
diff --git a/xdocs/history.xml b/xdocs/history.xml
index 262f623..cf9d6ec 100644
--- a/xdocs/history.xml
+++ b/xdocs/history.xml
@@ -104,6 +104,14 @@ Notably MultiValueMap is a new more flexible implementation of MultiHashMap.
 <b>Collections 3.2.1</b> Re-packaged v3.2 release which is OSGi enabled.
 </p>
 
+<p>
+<b>Collections 3.2.2</b> Serialization support for unsafe classes in the functor
package is disabled by default as 
+this can be exploited for remote code execution attacks. To re-enable the feature the system
property 
+"org.apache.commons.collections.enableUnsafeSerialization" needs to be set to "true". Classes
considered to be 
+unsafe are: CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, InvokerTransformer,

+PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure. Fixes COLLECTIONS-580.
Other bug fixes as well.
+</p>
+
 </section>
 
 </body>


Mime
View raw message