commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Gregory (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (BEANUTILS-489) You should upgrade dependendy on commons-collections to avoid CVE-2015-4852
Date Mon, 23 May 2016 20:55:14 GMT

     [ https://issues.apache.org/jira/browse/BEANUTILS-489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Gary Gregory closed BEANUTILS-489.
----------------------------------
       Resolution: Duplicate
    Fix Version/s: 1.9.3

Duplicates [BEANUTILS-482].

> You should upgrade dependendy on commons-collections to avoid CVE-2015-4852
> ---------------------------------------------------------------------------
>
>                 Key: BEANUTILS-489
>                 URL: https://issues.apache.org/jira/browse/BEANUTILS-489
>             Project: Commons BeanUtils
>          Issue Type: Bug
>          Components: Locale BeanUtils / Converters
>    Affects Versions: 1.9.2
>         Environment: any
>            Reporter: jandry
>            Priority: Critical
>             Fix For: 1.9.3
>
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> You have fix CVE-2014-0114 in benutils 1.9.2 but you still have a dependency on commons-collections
3.2.1 which is well known for CVE-2015-4852
> https://issues.apache.org/jira/browse/COLLECTIONS-583
> You must upgrade dependency to 3.2.2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message