Maven Dependency Plugin / MDEP-531

MDP 2.10 depends on a known insecure library commons-collections:3.2.1

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.10
    • Fix Version/s: 3.0.0

    Description

      org.apache.maven.plugins:maven-dependency-plugin:2.10 has the following dependency:

          <dependency>
            <groupId>commons-collections</groupId>
            <artifactId>commons-collections</artifactId>
            <version>3.2.1</version>
          </dependency>
      

      This version of commons-collections has a known severe security vulnerability:

      https://www.kb.cert.org/vuls/id/576313
      https://commons.apache.org/proper/commons-collections/security-reports.html

      Please upgrade to a newer version of commons-collections as the insecure version is blocked for my usage.

          People

            schulte77 Christian Schulte
            paulmfarrar Paul Farrar
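
Added example (not part of the original report or the Maven project's code): a small deny-list check that flags the coordinate named in the report, commons-collections:commons-collections:3.2.1, wherever a POM declares it, including plugin-level dependencies and versions set through properties. The sample POM, the `cc.version` property and the function names are constructed for illustration; only declarations in the single POM given are checked, not parent POMs or transitive dependencies.

```python
import re
import xml.etree.ElementTree as ET

# Coordinate taken from the report; using it as a deny-list entry is an assumed local policy.
BLOCKED = {("commons-collections", "commons-collections", "3.2.1")}

# Constructed sample POM (not the plugin's real POM): the version is set through a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><cc.version>3.2.1</cc.version></properties>
  <dependencies>
    <dependency>
      <groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId>
      <version>${cc.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>unrelated</artifactId>
      <version>1.0</version>
    </dependency>
  </dependencies>
</project>"""

def _local(tag):
    """Strip the XML namespace so POMs with and without xmlns are handled alike."""
    return tag.rsplit("}", 1)[-1]

def find_blocked(pom_text, blocked=BLOCKED):
    """Return sorted (groupId, artifactId, version) tuples in the POM that are on the deny list."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root:
        if _local(el.tag) == "properties":
            props = {_local(p.tag): (p.text or "").strip() for p in el}
    def resolve(value):
        # Expand ${name} from <properties>; unknown names are left as written.
        return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)
    hits = set()
    # iter() walks the whole tree, so plugin-level and managed dependencies are covered too.
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): resolve((c.text or "").strip()) for c in dep}
        gav = (fields.get("groupId"), fields.get("artifactId"), fields.get("version"))
        if gav in blocked:
            hits.add(gav)
    return sorted(hits)

if __name__ == "__main__":
    for g, a, v in find_blocked(SAMPLE_POM):
        print(f"blocked dependency: {g}:{a}:{v}")
```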