[NXP-18385] Upgrade to commons-collections 3.2.2 - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.8.0-HF37, 6.0-HF23, 7.10-HF01, 8.1
Component/s: Nuxeo Package Management

Tags:
- Security

Description

The Apache Commons Collections contains Serializable classes that make it possible for a process doing unserialization without being careful to be vulnerable to user-submitted input.

-> Upgrade to commons-collections 3.2.2 which fixes the issue.

See COLLECTIONS-580 and http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ for more.

Attachments

Activity

People

Assignee:

Florent Guillaume

Reporter:

Florent Guillaume

Participants:

Florent Guillaume, Jenkins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2015-11-16 10:53

Updated:

2015-11-17 00:40

Resolved:

2015-11-16 13:16