commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jandry (JIRA)" <j...@apache.org>
Subject [jira] [Created] (BEANUTILS-489) You should upgrade dependendy on commons-collections to avoid CVE-2015-4852
Date Fri, 20 May 2016 08:16:12 GMT
jandry created BEANUTILS-489:
--------------------------------

             Summary: You should upgrade dependendy on commons-collections to avoid CVE-2015-4852
                 Key: BEANUTILS-489
                 URL: https://issues.apache.org/jira/browse/BEANUTILS-489
             Project: Commons BeanUtils
          Issue Type: Bug
          Components: Locale BeanUtils / Converters
    Affects Versions: 1.9.2
         Environment: any
            Reporter: jandry
            Priority: Critical


You have fix CVE-2014-0114 in benutils 1.9.2 but you still have a dependency on commons-collections
3.2.1 which is well known for CVE-2015-4852
https://issues.apache.org/jira/browse/COLLECTIONS-583

You must upgrade dependency to 3.2.2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message