manifoldcf-dev mailing list archives

From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1565) Upgrade commons-collections to 3.2.2 (CVE-2015-6420)
Date Tue, 08 Jan 2019 08:33:00 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736878#comment-16736878 ]

Karl Wright commented on CONNECTORS-1565:
-----------------------------------------

I'm concerned that we would break something because essentially it disables behavior (you
need to turn on the behavior if you want it now, explicitly).  Nevertheless, if all the integration
tests we have pass, I'm OK with it.  The worst that can happen is that somebody will open
a ticket against one of our connectors and we'll have to roll it back.


> Upgrade commons-collections to 3.2.2 (CVE-2015-6420)
> ----------------------------------------------------
>
>                 Key: CONNECTORS-1565
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1565
>             Project: ManifoldCF
>          Issue Type: Bug
>          Components: Framework core
>    Affects Versions: ManifoldCF 2.12
>            Reporter: Markus Schuch
>            Assignee: Markus Schuch
>            Priority: Critical
>             Fix For: ManifoldCF next
>
>
> We should upgrade commons-collections to 3.2.2 due to a known security issue with 3.2.1
> https://commons.apache.org/proper/commons-collections/security-reports.html
> Further reading:
> [http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-andyour-application-have-in-common-this-vulnerability/]
> [https://www.cvedetails.com/cve/CVE-2015-6420/]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
