You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@commons.apache.org by gg...@apache.org on 2015/11/13 19:55:07 UTC

svn commit: r1714253 - /commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml

Author: ggregory
Date: Fri Nov 13 18:55:07 2015
New Revision: 1714253

URL: http://svn.apache.org/viewvc?rev=1714253&view=rev
Log:
history.xml is missing version 3.2.2.

Modified:
    commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml

Modified: commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml
URL: http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml?rev=1714253&r1=1714252&r2=1714253&view=diff
==============================================================================
--- commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml (original)
+++ commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml Fri Nov 13 18:55:07 2015
@@ -104,6 +104,14 @@ Notably MultiValueMap is a new more flex
 <b>Collections 3.2.1</b> Re-packaged v3.2 release which is OSGi enabled.
 </p>
 
+<p>
+<b>Collections 3.2.2</b> Serialization support for unsafe classes in the functor package is disabled by default as 
+this can be exploited for remote code execution attacks. To re-enable the feature the system property 
+"org.apache.commons.collections.enableUnsafeSerialization" needs to be set to "true". Classes considered to be 
+unsafe are: CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, InvokerTransformer, 
+PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure. Fixes COLLECTIONS-580. Other bug fixes as well.
+</p>
+
 </section>
 
 </body>