You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2018/07/11 22:04:34 UTC
commons-collections git commit: Add release notes for 3.2.2 at the
bottom.
Repository: commons-collections
Updated Branches:
refs/heads/master 8cb8ac837 -> 6bb2ca179
Add release notes for 3.2.2 at the bottom.
Project: http://git-wip-us.apache.org/repos/asf/commons-collections/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-collections/commit/6bb2ca17
Tree: http://git-wip-us.apache.org/repos/asf/commons-collections/tree/6bb2ca17
Diff: http://git-wip-us.apache.org/repos/asf/commons-collections/diff/6bb2ca17
Branch: refs/heads/master
Commit: 6bb2ca17933a54a757a652cdc60d51e1820cc551
Parents: 8cb8ac8
Author: Gary Gregory <ga...@gmail.com>
Authored: Wed Jul 11 16:04:28 2018 -0600
Committer: Gary Gregory <ga...@gmail.com>
Committed: Wed Jul 11 16:04:28 2018 -0600
----------------------------------------------------------------------
RELEASE-NOTES.txt | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-collections/blob/6bb2ca17/RELEASE-NOTES.txt
----------------------------------------------------------------------
diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index bd9f4b6..c889b11 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -209,3 +209,77 @@ For complete information on Apache Commons Collections, including instructions o
patches, or suggestions for improvement, see the Apache Apache Commons Collections website:
http://commons.apache.org/proper/commons-collections/
+
+===============================================================================
+
+ Apache Commons Collections
+ Version 3.2.2
+ RELEASE NOTES
+
+
+INTRODUCTION:
+
+Commons collections is a project to develop and maintain collection classes
+based on and inspired by the JDK collection framework.
+This release is JDK1.3 compatible, and does not use JDK1.5 generics.
+
+This v3.2.2 release is a bugfix release, fixing several bugs present in the previous
+releases of the 3.2 branch. Additionally, this release provides a mitigation for a
+known remote code exploitation via the standard java object serialization mechanism.
+By default, serialization support for unsafe classes in the functor package is
+disabled and will result in an exception when either trying to serialize or de-serialize
+an instance of these classes. For more details, please refer to COLLECTIONS-580.
+
+All users are strongly encouraged to updated to this release.
+
+
+Changes in this version include:
+
+CHANGES
+=======
+
+o COLLECTIONS-580: Serialization support for unsafe classes in the functor package is
+ disabled by default as this can be exploited for remote code execution
+ attacks. To re-enable the feature the system property
+ "org.apache.commons.collections.enableUnsafeSerialization" needs to be
+ set to "true".
+ Classes considered to be unsafe are: CloneTransformer, ForClosure,
+ InstantiateFactory, InstantiateTransformer, InvokerTransformer,
+ PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure.
+
+BUGFIXES
+========
+
+o COLLECTIONS-538: "ExtendedProperties" will now use a privileged action to access the
+ "file.separator" system property. In case the class does not have
+ permission to read system properties, the "File#separator" field will
+ be used instead. Thanks to Trejkaz.
+o COLLECTIONS-447: Tree traversal with a TreeListIterator will not be affected anymore by
+ the removal of an element directly after a call to previous(). Thanks to Jeffrey Barnes.
+o COLLECTIONS-444: SetUniqueList.set(int, Object) now works correctly if the object to be inserted
+ is already placed at the given position. Thanks to Thomas Vahrst, John Vasileff.
+o COLLECTIONS-350: Removed debug output in "MapUtils#getNumber(Map)". Thanks to Michael Akerman.
+o COLLECTIONS-335: Fixed cache assignment for "TreeBidiMap#entrySet". Thanks to sebb.
+o COLLECTIONS-334: Synchronized access to lock in "StaticBucketMap#size()". Thanks to sebb.
+o COLLECTIONS-307: "SetUniqueList#subList()#contains(Object)" will now correctly check the subList
+ rather than the parent list. Thanks to Christian Semrau.
+o COLLECTIONS-304: "SetUniqueList#set(int, Object)" will now correctly enforce the uniqueness constraint.
+ Thanks to Rafa? Figas,Bjorn Townsend.
+o COLLECTIONS-294: "CaseInsensitiveMap" will now convert input strings to lower-case in a
+ locale-independent manner. Thanks to Benjamin Bentmann.
+o COLLECTIONS-266: "MultiKey" will now be correctly serialized/de-serialized. Thanks to Joerg Schaible.
+o COLLECTIONS-261: "Flat3Map#remove(Object)" will now return the correct value mapped to the removed key
+ if the size of the map is less or equal 3. Thanks to ori.
+o COLLECTIONS-249: "SetUniqueList.addAll(int, Collection)" now correctly add the collection at the
+ provided index. Thanks to Joe Kelly.
+o COLLECTIONS-228: "MultiValueMap#put(Object, Object)" and "MultiValueMap#putAll(Object, Collection)"
+ now correctly return if the map has changed by this operation.
+o COLLECTIONS-219: "CollectionUtils#removeAll" wrongly called "ListUtils#retainAll". Thanks to Tom Leccese.
+o COLLECTIONS-217: Calling "setValue(Object)" on any Entry returned by a "Flat3Map" will now
+ correctly set the value for the current entry. Thanks to Matt Bishop.
+
+
+For complete information on Apache Commons Collections, including instructions on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons Collections website:
+
+http://commons.apache.org/collections/