roller-commits mailing list archives

From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (ROL-2103) Upgrade vulnerable commons-collections to 3.2.2
Date Thu, 03 Nov 2016 04:14:58 GMT


ASF GitHub Bot commented on ROL-2103:

GitHub user lbtc-xxx opened a pull request:

    ROL-2103 Upgrade vulnerable commons-collections to 3.2.2


You can merge this pull request into a Git repository by running:

    $ git pull feature/ROL-2103

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #6
commit 958c49134fff0db7ef7deb94febea51c6a83da60
Author: Kohei Nozaki <>
Date:   2016-11-03T04:05:22Z

    ROL-2103 Upgrade vulnerable commons-collections to 3.2.2


> Upgrade vulnerable commons-collections to 3.2.2
> -----------------------------------------------
>                 Key: ROL-2103
>                 URL:
>             Project: Apache Roller
>          Issue Type: Improvement
>          Components: Installation & Configuration
>    Affects Versions: 5.1.2
>            Reporter: Kohei Nozaki
>            Assignee: Roller Unassigned
>            Priority: Trivial
>         Attachments: ROL-2103.patch
> As reported in CVE-2015-4852 or
> there is a vulnerability in commons-collections.
> It's a transitive dependency of Velocity and I think current Roller is not affected
> by it, but I think any vulnerable code should be removed from our distribution anyway.
> NOTE: Velocity has upgraded commons-collections as well in their svn trunk but I'm
> not sure when the next release of Velocity will come out.

This message was sent by Atlassian JIRA