commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deepesh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COLLECTIONS-581) Deserialization vulnerability in Apache Commons Collection
Date Tue, 10 Nov 2015 09:56:10 GMT
Deepesh created COLLECTIONS-581:
-----------------------------------

             Summary: Deserialization vulnerability in Apache Commons Collection
                 Key: COLLECTIONS-581
                 URL: https://issues.apache.org/jira/browse/COLLECTIONS-581
             Project: Commons Collections
          Issue Type: Bug
          Components: Functor
    Affects Versions: 3.2.1, 3.1, 3.0
            Reporter: Deepesh


Hi Team,

This is regarding “commons-collections Java library”. In our applications we are widely
using this library and hence looking to urgently patch the fix for vulnerability issue if
it is available.
Searching on internet we found one patch released on Sunday 08th Nov http://svn.apache.org/viewvc?view=revision&revision=1713307

Just wanted to check with you if there is any updated / complied version of commons-collections
jar available or going to be released soon which we can directly replace with our existing
jar file that provides the fix for the vulnerability issue.

Thanks in advance!




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message