commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thomas (JIRA)" <>
Subject [jira] [Resolved] (COLLECTIONS-581) Deserialization vulnerability in Apache Commons Collection
Date Tue, 10 Nov 2015 10:00:18 GMT


Mark Thomas resolved COLLECTIONS-581.
    Resolution: Invalid

Jira is not the place to ask support questions. Please use the mailing list.

> Deserialization vulnerability in Apache Commons Collection
> ----------------------------------------------------------
>                 Key: COLLECTIONS-581
>                 URL:
>             Project: Commons Collections
>          Issue Type: Bug
>          Components: Functor
>    Affects Versions: 3.0, 3.1, 3.2.1
>            Reporter: Deepesh
>              Labels: patch
> Hi Team,
> This is regarding “commons-collections Java library”. In our applications we are
widely using this library and hence looking to urgently patch the fix for vulnerability issue
if it is available.
> Searching on internet we found one patch released on Sunday 08th Nov
> Just wanted to check with you if there is any updated / complied version of commons-collections
jar available or going to be released soon which we can directly replace with our existing
jar file that provides the fix for the vulnerability issue.
> Thanks in advance!

This message was sent by Atlassian JIRA

View raw message