hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From apurt...@apache.org
Subject [6/6] hbase git commit: HBASE-14799 Commons-collections object deserialization remote command execution vulnerability
Date Mon, 23 Nov 2015 23:49:23 GMT
HBASE-14799 Commons-collections object deserialization remote command execution vulnerability


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/f553bcf4
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/f553bcf4
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/f553bcf4

Branch: refs/heads/master
Commit: f553bcf469544d1973b9979a98e6e2a596170eb5
Parents: 0f3e2e0
Author: Andrew Purtell <apurtell@apache.org>
Authored: Mon Nov 23 13:37:19 2015 -0800
Committer: Andrew Purtell <apurtell@apache.org>
Committed: Mon Nov 23 15:40:30 2015 -0800

----------------------------------------------------------------------
 pom.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/f553bcf4/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 9cfb311..d772c4b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1176,7 +1176,8 @@
     <commons-math.version>2.2</commons-math.version>
     <commons-net.version>3.1</commons-net.version>
     <disruptor.version>3.3.0</disruptor.version>
-    <collections.version>3.2.1</collections.version>
+    <!-- Do not use versions earlier than 3.2.2 due to a security vulnerability -->
+    <collections.version>3.2.2</collections.version>
     <httpclient.version>3.1</httpclient.version>
     <metrics-core.version>2.2.0</metrics-core.version>
     <guava.version>12.0.1</guava.version>


Mime
View raw message