[ https://issues.apache.org/jira/browse/CONFIGURATION-818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory resolved CONFIGURATION-818. ------------------------------------------- Resolution: Fixed > Stackoverflow bugs fixed in 2.8.0 > --------------------------------- > > Key: CONFIGURATION-818 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-818 > Project: Commons Configuration > Issue Type: Bug > Affects Versions: 2.7 > Reporter: Henry Lin > Priority: Major > Labels: security > Fix For: 2.8.0 > > > Dear Apache Commons Configuration maintainers, > The Code Intelligence JVM fuzzer > [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has found multiple > vulnerabilities in Apache Commons Configuration during a fuzzing run in > [Google OSS-Fuzz|https://github.com/google/oss-fuzz]. The vulnerabilities > were already fixed. Version <= 2.7 of Apache Commons Configuration is > vulnerable. > Detailed Information can be found here: > [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48737] > [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48610] > [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48522] > [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48391] > [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48195] > > Please let me know if you have any questions regarding fuzzing or the > OSS-Fuzz integration. -- This message was sent by Atlassian Jira (v8.20.10#820010)