Posted to issues@commons.apache.org by "Gary Gregory (JIRA)" <ji...@apache.org> on 2016/05/23 20:55:14 UTC
[jira] [Closed] (BEANUTILS-489) You should upgrade dependency on
commons-collections to avoid CVE-2015-4852
[ https://issues.apache.org/jira/browse/BEANUTILS-489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Gregory closed BEANUTILS-489.
----------------------------------
Resolution: Duplicate
Fix Version/s: 1.9.3
Duplicates [BEANUTILS-482].
> You should upgrade dependency on commons-collections to avoid CVE-2015-4852
> ---------------------------------------------------------------------------
>
> Key: BEANUTILS-489
> URL: https://issues.apache.org/jira/browse/BEANUTILS-489
> Project: Commons BeanUtils
> Issue Type: Bug
> Components: Locale BeanUtils / Converters
> Affects Versions: 1.9.2
> Environment: any
> Reporter: jandry
> Priority: Critical
> Fix For: 1.9.3
>
> Original Estimate: 1m
> Remaining Estimate: 1m
>
> You have fixed CVE-2014-0114 in beanutils 1.9.2, but you still have a dependency on commons-collections 3.2.1, which is well known for CVE-2015-4852
> https://issues.apache.org/jira/browse/COLLECTIONS-583
> You must upgrade the dependency to 3.2.2
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)