[SM-2805] Vulnerable Apache Commons Collection still installed? - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.0.2, 6.1.0
Fix Version/s: 6.0.4, 6.1.2
Component/s: None
Labels:
None
Environment:

Any

Description

I have downloaded SMX6.1.0 from the front-page and I see that there is still a file "system/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar". I understand that this is still the version with the vulnarebility. Also if I list the packages from SMX 6.1.0, I see that package 178 is Commons Collections v3.2.1.

Do we still have the vulnarebility?

Attachments

Activity

People

Assignee:: Krzysztof Sobkowiak

Reporter:: Frank Joppe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Jan/16 10:53

Updated:: 09/Jul/16 21:21

Resolved:: 24/Jun/16 21:01