  1. Apache Roller
  2. ROL-2103

Upgrade vulnerable commons-collections to 3.2.2


Details

    • Improvement
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • 5.1.2
    • None
    • None

    Description

      As reported in CVE-2015-4852 or https://issues.apache.org/jira/browse/COLLECTIONS-580 there is a vulnerability in commons-collections.

      It's a transitive dependency of Velocity and I think current Roller is not affected by it, but I think any vulnerable code should be removed from our distribution anyway.

      NOTE: Velocity has upgraded commons collections as well in their svn trunk, but I'm not sure when the next release of Velocity will come out.
      https://issues.apache.org/jira/browse/VELOCITY-869

      Attachments

        1. ROL-2103.patch
          0.9 kB
          Kohei Nozaki


            People

              Unassigned Unassigned
              xkylex Kohei Nozaki