You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Mark Thomas (JIRA)" <ji...@apache.org> on 2015/11/10 11:01:11 UTC

[jira] [Updated] (COLLECTIONS-581) Deserialization and Apache Commons Collection

     [ https://issues.apache.org/jira/browse/COLLECTIONS-581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Thomas updated COLLECTIONS-581:
------------------------------------
    Summary: Deserialization and Apache Commons Collection  (was: Deserialization vulnerability in Apache Commons Collection)

> Deserialization and Apache Commons Collection
> ---------------------------------------------
>
>                 Key: COLLECTIONS-581
>                 URL: https://issues.apache.org/jira/browse/COLLECTIONS-581
>             Project: Commons Collections
>          Issue Type: Bug
>          Components: Functor
>    Affects Versions: 3.0, 3.1, 3.2.1
>            Reporter: Deepesh
>            Assignee: Mark Thomas
>              Labels: patch
>
> Hi Team,
> This is regarding “commons-collections Java library”. In our applications we are widely using this library and hence looking to urgently patch the fix for vulnerability issue if it is available.
> Searching on internet we found one patch released on Sunday 08th Nov http://svn.apache.org/viewvc?view=revision&revision=1713307
> Just wanted to check with you if there is any updated / complied version of commons-collections jar available or going to be released soon which we can directly replace with our existing jar file that provides the fix for the vulnerability issue.
> Thanks in advance!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)