[ https://issues.apache.org/jira/browse/RAT-213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Philipp Ottlinger updated RAT-213: ---------------------------------- Description: Upgrade as requested with the Git PR. Thanks to https://github.com/gmlewis Glenn Lewis h3. Context Version 3.2.1 has a CVSS 10.0 vulnerability. That is the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a turing machine. A turing machine with an exec() function! https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103 https://commons.apache.org/proper/commons-collections/security-reports.html http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ was: Upgrade as requested with the Git PR. Thanks to https://github.com/gmlewis Glenn Lewis > Upgrade Apache Commons Collections to v3.2.2 > -------------------------------------------- > > Key: RAT-213 > URL: https://issues.apache.org/jira/browse/RAT-213 > Project: Apache Rat > Issue Type: Improvement > Affects Versions: 0.11 > Reporter: Philipp Ottlinger > Assignee: Philipp Ottlinger > Fix For: 0.12 > > > Upgrade as requested with the Git PR. > Thanks to https://github.com/gmlewis Glenn Lewis > h3. Context > Version 3.2.1 has a CVSS 10.0 vulnerability. That is the worst kind of > vulnerability that exists. By merely existing on the classpath, this > library causes the Java serialization parser for the entire JVM process > to go from being a state machine to a turing machine. A turing machine > with an exec() function! > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103 > https://commons.apache.org/proper/commons-collections/security-reports.html > http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ -- This message was sent by Atlassian JIRA (v6.3.4#6332)