The vulnerability we are talking about is known under number CVE-2015-4852. As far as we know this is only related to the
file commons-collections*.jar. In this jar file is a class that takes care of the deserialization.
Currently we are using commons-collections-3.2.1.jar.
Is there a version of this jar that does not have this vulnerability?