Thank you for pushing this release through Thomas! Gary On Nov 15, 2015 2:23 PM, "Thomas Neidhart" <thomas.neidh...@gmail.com> wrote:
> The Apache Commons team is pleased to announce the release of Apache > Commons Collections 3.2.2. The release is available for download at > > > > http://commons.apache.org/proper/commons-collections/download_collections.cgi > > Apache Commons Collections is a project to develop and maintain > collection classes based on and inspired by the JDK collection framework. > > This Collections 3.2.2 release is a security and bugfix release, fixing > several bugs present in the previous releases of the 3.2 branch. > > Additionally, this release provides a mitigation for a known remote code > exploitation via the standard java object serialization mechanism. By > default, serialization support for unsafe classes in the functor package > is disabled and will result in an exception when either trying to > serialize or de-serialize an instance of these classes. For more > details, please refer to COLLECTIONS-580. > > All users are strongly encouraged to updated to this release. > > See the release-notes at > > > http://commons.apache.org/proper/commons-collections/release_3_2_2.html > > http://www.apache.org/dist/commons/collections/RELEASE-NOTES-3.2.2.txt > > for a full list of changes. > > Please verify signatures using the KEYS file available at the above > location when downloading the release. > > For complete information on collections, including instructions on how > to submit bug reports, patches, or suggestions for improvement, see the > Apache Commons Collections website: > > http://commons.apache.org/proper/commons-collections/ > > Thomas, on behalf of the Apache Commons team > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
