I have created https://issues.apache.org/jira/browse/SM-2806 for this
On 08.01.2016 14:53, Krzysztof Sobkowiak wrote: > Indeed. The Camel included in 6.0.2 depends on 3.2.2 but ActiveMQ and CXF > still on 3.2.1. > The new ActiveMQ which is currently under the vote has the new Commons > Collections, but CXF still depends on 3.2.1. > I'll include the correct version in the new ServiceMix release using > overrides mechanism. > > Thanks for reporting of the problem. > > Regards > Krzysztof > > On 08.01.2016 11:33, jovo wrote: >> ksobkowiak wrote >>> The ServiceMix team is pleased to announce the availability of Apache >>> ServiceMix 6.0.2. >>> >>> >>> The new Apache Camel version included in this release also updates the >>> Apache Commons >>> Collections library to version 3.2.2 that contains a patch for a reported >>> object de-serialization vulnerability >>> <https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread>. >> Hi, >> >> Why does this release still contains >> "apache-servicemix-6.0.2/system/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar" >> and not >> "apache-servicemix-6.0.2/system/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar" >> ? >> >> Regards, >> Joop >> >> >> >> >> >> -- >> View this message in context: >> http://servicemix.396122.n5.nabble.com/ANN-Apache-ServiceMix-6-0-2-released-tp5723299p5723338.html >> Sent from the ServiceMix - Dev mailing list archive at Nabble.com. -- Krzysztof Sobkowiak JEE & OSS Architect, Integration Architect Apache Software Foundation Member (http://apache.org/) Apache ServiceMix Committer & PMC Member (http://servicemix.apache.org/) Senior Solution Architect @ Capgemini SSC (http://www.capgeminisoftware.pl/) Robocap.pl - workshops of programming and robotics for kids (http://robocap.pl/)
