[jira] [Commented] (VELOCITY-869) Vulnerability in dependency: commons-collections:3.2.1

Claude Brisson (JIRA) Thu, 03 Nov 2016 02:02:27 -0700

    [ 
https://issues.apache.org/jira/browse/VELOCITY-869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15632130#comment-15632130
 ]


Claude Brisson commented on VELOCITY-869:
-----------------------------------------

There probably won't be any more 1.x release, but the 2.0 should not take long, 
now.

> Vulnerability in dependency: commons-collections:3.2.1
> ------------------------------------------------------
>
>                 Key: VELOCITY-869
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-869
>             Project: Velocity
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 1.7
>            Reporter: Ryan Blue
>            Assignee: Sergiu Dumitriu
>             Fix For: 2.x, 1.x
>
>
> There is an arbitrary remote code execution bug in commons-collections, 
> tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 
> 3.2.2, will help downstream libraries (like avro-ipc) from pulling in the bad 
> version. Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org

[jira] [Commented] (VELOCITY-869) Vulnerability in dependency: commons-collections:3.2.1

Reply via email to