Ryan Blue created VELOCITY-869: ---------------------------------- Summary: Vulnerability in dependency: commons-collections:3.2.1 Key: VELOCITY-869 URL: https://issues.apache.org/jira/browse/VELOCITY-869 Project: Velocity Issue Type: Bug Components: Build Affects Versions: 1.7 Reporter: Ryan Blue
There is an arbitrary remote code execution bug in commons-collections, tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, will help downstream libraries (like avro-ipc) from pulling in the bad version. Thanks! -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org