[
https://issues.apache.org/jira/browse/CONNECTORS-1565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16749629#comment-16749629
]
Markus Schuch commented on CONNECTORS-1565:
-------------------------------------------
Ran MCF with this library version for some time now and no errors were
encountered.
[~kwri...@metacarta.com] what about the failing precommit task? is this a known
issue?
> Upgrade commons-collections to 3.2.2 (CVE-2015-6420)
> ----------------------------------------------------
>
> Key: CONNECTORS-1565
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1565
> Project: ManifoldCF
> Issue Type: Bug
> Components: Framework core
> Affects Versions: ManifoldCF 2.12
> Reporter: Markus Schuch
> Assignee: Markus Schuch
> Priority: Critical
> Fix For: ManifoldCF next
>
> Attachments: CONNECTORS-1565.patch
>
>
> We should upgrade commons-collections to 3.2.2 due to a known security issue
> with 3.2.1
> https://commons.apache.org/proper/commons-collections/security-reports.html
> Further reading:
> [http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-andyour-application-have-in-common-this-vulnerability/]
> [https://www.cvedetails.com/cve/CVE-2015-6420/]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
