commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thomas (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (COLLECTIONS-581) Deserialization vulnerability in Apache Commons Collection
Date Tue, 10 Nov 2015 10:00:18 GMT

     [ https://issues.apache.org/jira/browse/COLLECTIONS-581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mark Thomas resolved COLLECTIONS-581.
-------------------------------------
    Resolution: Invalid

Jira is not the place to ask support questions. Please use the mailing list.

> Deserialization vulnerability in Apache Commons Collection
> ----------------------------------------------------------
>
>                 Key: COLLECTIONS-581
>                 URL: https://issues.apache.org/jira/browse/COLLECTIONS-581
>             Project: Commons Collections
>          Issue Type: Bug
>          Components: Functor
>    Affects Versions: 3.0, 3.1, 3.2.1
>            Reporter: Deepesh
>              Labels: patch
>
> Hi Team,
> This is regarding “commons-collections Java library”. In our applications we are
widely using this library and hence looking to urgently patch the fix for vulnerability issue
if it is available.
> Searching on internet we found one patch released on Sunday 08th Nov http://svn.apache.org/viewvc?view=revision&revision=1713307
> Just wanted to check with you if there is any updated / complied version of commons-collections
jar available or going to be released soon which we can directly replace with our existing
jar file that provides the fix for the vulnerability issue.
> Thanks in advance!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message