Hi Team,
This is regarding "commons-collections Java library". In our applications we
are widely using this library and hence looking to urgently patch the fix for
vulnerability issue if it is available.
Searching on internet we found one patch released on Sunday 08th Nov
Hi Deepesh,
there is an ongoing vote to release commons-collections 3.2.2, which
by default prevents InvokerTransformer from being deserialized. You
can find the release notes here:
https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt
For further information, please take