Update commons-collections from 3.2.1 to 3.2.2 because of a major security vulnerability. There are many other open source projects use commons-collections and are also affected.
Please see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ for the discovery of the vulnerability.
https://issues.apache.org/jira/browse/COLLECTIONS-580 has the discussion thread of the fix.
https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread The ASF response to the security vulnerability.
- is depended upon by
HADOOP-9991 Fix up Hadoop POMs, roll up JARs to latest versions
- is related to
HADOOP-12579 Deprecate WriteableRPCEngine