There is an arbitrary remote code execution bug in commons-collections, tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, will help downstream libraries (like avro-ipc) from pulling in the bad version. Thanks!
- is depended upon by
-
VELTOOLS-169 Upgrade or remove commons-collections compile dependency
-
- Closed
-