[VELOCITY-882] Critical vulnerability in commons collection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.7.x, 2.0
Component/s: None
Labels:
None

Description

Hi,
Snyk reported to us that velocity 1.7 contains a dependency to commons-collection 3.2.1 which is vulnerable to arbitrary code execution.
https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
This should be fixed since many lib depends on this library...

Attachments

Activity

People

Assignee:: Mike Kienenberger

Reporter:: Emile Fugulin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/Aug/17 08:03

Updated:: 28/Aug/18 17:47

Resolved:: 28/Aug/18 17:47