hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From apurt...@apache.org
Subject [4/6] hbase git commit: HBASE-14799 Commons-collections object deserialization remote command execution vulnerability
Date Mon, 23 Nov 2015 23:49:21 GMT
HBASE-14799 Commons-collections object deserialization remote command execution vulnerability


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/d4dea12e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/d4dea12e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/d4dea12e

Branch: refs/heads/branch-1.1
Commit: d4dea12e408bfb553dbf4952ab777248ef7bd159
Parents: 33a035d
Author: Andrew Purtell <apurtell@apache.org>
Authored: Mon Nov 23 13:37:19 2015 -0800
Committer: Andrew Purtell <apurtell@apache.org>
Committed: Mon Nov 23 15:40:27 2015 -0800

----------------------------------------------------------------------
 pom.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/d4dea12e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 802cf80..ef4120b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1142,7 +1142,8 @@
     <commons-math.version>2.2</commons-math.version>
     <commons-net.version>3.1</commons-net.version>
     <disruptor.version>3.3.0</disruptor.version>
-    <collections.version>3.2.1</collections.version>
+    <!-- Do not use versions earlier than 3.2.2 due to a security vulnerability -->
+    <collections.version>3.2.2</collections.version>
     <httpclient.version>3.1</httpclient.version>
     <metrics-core.version>2.2.0</metrics-core.version>
     <guava.version>12.0.1</guava.version>


Mime
View raw message