Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12577

Bump up commons-collections version to 3.2.2 to address a security flaw

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Update commons-collections from 3.2.1 to 3.2.2 because of a major security vulnerability. There are many other open source projects use commons-collections and are also affected.

      Please see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ for the discovery of the vulnerability.

      https://issues.apache.org/jira/browse/COLLECTIONS-580 has the discussion thread of the fix.

      https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread The ASF response to the security vulnerability.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jojochuang Wei-Chiu Chuang
                Reporter:
                jojochuang Wei-Chiu Chuang
              • Votes:
                0 Vote for this issue
                Watchers:
                17 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: