Uploaded image for project: 'Velocity'
  1. Velocity
  2. VELOCITY-869

Vulnerability in dependency: commons-collections:3.2.1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.7
    • 1.x, 2.0
    • Build
    • None

    Description

      There is an arbitrary remote code execution bug in commons-collections, tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, will help downstream libraries (like avro-ipc) from pulling in the bad version. Thanks!

      Attachments

        Issue Links

          fixes

          Dependency upgrade - Upgrading a dependency to a newer version MRRESOURCES-116 Upgrade Apache Velocity due to vulnerability in commons-collections v3.2.1

          • Major - Major loss of function.
          • Closed
          is depended upon by

          Bug - A problem which impairs or prevents the functions of the product. VELTOOLS-169 Upgrade or remove commons-collections compile dependency

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              sdumitriu Sergiu Dumitriu
              rdblue Ryan Blue
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: