  1. Velocity
  2. VELOCITY-869

Vulnerability in dependency: commons-collections:3.2.1


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.x, 2.0
    • Component/s: Build
    • Labels:
      None

      Description

      There is an arbitrary remote code execution bug in commons-collections, tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, will help keep downstream libraries (like avro-ipc) from pulling in the bad version. Thanks!
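
To check whether a downstream build still resolves the old artifact transitively, the sketch below walks the text output of `mvn dependency:tree` and reports each chain that ends in a commons-collections version older than 3.2.2. It is an added example, not part of the issue or of the Velocity project; the sample tree is constructed, and the application coordinates and the avro-ipc version in it are placeholders.

```python
import re

# Constructed sample of `mvn dependency:tree` output; the application
# coordinates and the avro-ipc version are placeholders, not real data.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0-SNAPSHOT
[INFO] +- org.apache.avro:avro-ipc:jar:0.0.0-PLACEHOLDER:compile
[INFO] |  +- org.apache.velocity:velocity:jar:1.7:compile
[INFO] |  |  +- commons-collections:commons-collections:jar:3.2.1:compile
[INFO] |  |  \\- commons-lang:commons-lang:jar:2.4:compile
[INFO] \\- junit:junit:jar:4.12:test
"""

TARGET = ("commons-collections", "commons-collections")
FIXED = (3, 2, 2)  # fix version named in the issue
# Optional "[INFO] " prefix, then 3-character tree markers, then coordinates.
LINE = re.compile(r"^(?:\[INFO\] )?((?:\+- |\\- |\|  |   )*)(\S+)$")

def version_tuple(version):
    # Assumes plain dotted versions; any qualifier after "-" is ignored.
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def find_vulnerable_paths(tree_text):
    """Return dependency chains (root first) ending in commons-collections < FIXED."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # plugin banners, blank lines, build summary
        depth = len(m.group(1)) // 3  # each tree level is 3 characters wide
        parts = m.group(2).split(":")
        if len(parts) < 4:
            continue
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[4] if len(parts) == 6 else parts[3]
        del stack[depth:]  # drop siblings and deeper nodes from the last branch
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        if (parts[0], parts[1]) == TARGET and version_tuple(version) < FIXED:
            hits.append(list(stack))
    return hits

if __name__ == "__main__":
    for chain in find_vulnerable_paths(SAMPLE_TREE):
        print(" -> ".join(chain))
```

The printed chain names the intermediate dependency that pulls the artifact in, which is where the version has to be bumped or overridden.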


            People

            • Assignee:
              sdumitriu Sergiu Dumitriu
              Reporter:
              rdblue Ryan Blue
