[jira] [Commented] (OFBIZ-6726) Update commons collections 3.2.1 because of known possible exploit

Jacques Le Roux (JIRA) Wed, 18 Nov 2015 12:43:27 -0800

    [ 
https://issues.apache.org/jira/browse/OFBIZ-6726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011915#comment-15011915
 ]


Jacques Le Roux commented on OFBIZ-6726:
----------------------------------------

AFAIK, the upgrade should not affect OFBiz users in any ways. 
Here are some information about the possible exploit:
https://issues.apache.org/jira/browse/OFBIZ-6568?focusedCommentId=14998306
https://issues.apache.org/jira/browse/COLLECTIONS-580 TL;DR: see the comment 
about COLLECTIONS-580 in 
http://commons.apache.org/proper/commons-collections/release_3_2_2.html
http://www.ibm.com/developerworks/library/se-lookahead/



> Update commons collections 3.2.1 because of known possible exploit
> ------------------------------------------------------------------
>
>                 Key: OFBIZ-6726
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6726
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: Release Branch 12.04, Release Branch 13.07, Release 
> Branch 14.12, Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>             Fix For: 14.12.01, 12.04.06, 13.07.03, Upcoming Branch
>
>
> Done to 3.2.2 at revision: 
> trunk 1714571  
> R14.12 1714575
> R13.07 1714576
> R13.04 1714577



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-6726) Update commons collections 3.2.1 because of known possible exploit

Reply via email to