manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1565) Upgrade commons-collections to 3.2.2 (CVE-2015-6420)
Date Wed, 23 Jan 2019 08:59:00 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16749684#comment-16749684
] 

Karl Wright commented on CONNECTORS-1565:
-----------------------------------------

[~schuch], the precommit failure was known and I believe the nuxeo contributors were notified
at the time of the contribution.  Hasn't been addressed though.  We should follow up.

Please go ahead and commit your change.


> Upgrade commons-collections to 3.2.2 (CVE-2015-6420)
> ----------------------------------------------------
>
>                 Key: CONNECTORS-1565
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1565
>             Project: ManifoldCF
>          Issue Type: Bug
>          Components: Framework core
>    Affects Versions: ManifoldCF 2.12
>            Reporter: Markus Schuch
>            Assignee: Markus Schuch
>            Priority: Critical
>             Fix For: ManifoldCF next
>
>         Attachments: CONNECTORS-1565.patch
>
>
> We should upgrade commons-collections to 3.2.2 due to a known security issue with 3.2.1
> https://commons.apache.org/proper/commons-collections/security-reports.html
> Further reading:
> [http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-andyour-application-have-in-common-this-vulnerability/]
> [https://www.cvedetails.com/cve/CVE-2015-6420/]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message