[jira] [Created] (VELOCITY-869) Vulnerability in dependency: commons-collections:3.2.1

Ryan Blue (JIRA) Tue, 17 Nov 2015 14:20:35 -0800

Ryan Blue created VELOCITY-869:
----------------------------------

             Summary: Vulnerability in dependency: commons-collections:3.2.1
                 Key: VELOCITY-869
                 URL: https://issues.apache.org/jira/browse/VELOCITY-869
             Project: Velocity
          Issue Type: Bug
          Components: Build
    Affects Versions: 1.7
            Reporter: Ryan Blue



There is an arbitrary remote code execution bug in commons-collections, tracked 
by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, 
will help downstream libraries (like avro-ipc) from pulling in the bad version. 
Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org

[jira] [Created] (VELOCITY-869) Vulnerability in dependency: commons-collections:3.2.1

Reply via email to