Uploaded image for project: 'Velocity'
  1. Velocity
  2. VELOCITY-869

Vulnerability in dependency: commons-collections:3.2.1

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.x, 2.0
    • Component/s: Build
    • Labels:
      None

      Description

      There is an arbitrary remote code execution bug in commons-collections, tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, will help downstream libraries (like avro-ipc) from pulling in the bad version. Thanks!

        Attachments

        Issue Links

        is depended upon by

        Bug - A problem which impairs or prevents the functions of the product. VELTOOLS-169 Upgrade or remove commons-collections compile dependency

        • Critical - Crashes, loss of data, severe memory leak.
        • Closed

          Activity
          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              sdumitriu Sergiu Dumitriu
              Reporter:
              rdblue Ryan Blue

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment