[zanata/zanata-parent] f64189: Upgrade Apache Commons Collections to v3.2.2
GitHub
noreply at github.com
Fri Mar 11 00:57:53 UTC 2016
Branch: refs/heads/master
Home: https://github.com/zanata/zanata-parent
Commit: f64189c86c1fcb1defb47e60c47277237e879b4a
https://github.com/zanata/zanata-parent/commit/f64189c86c1fcb1defb47e60c47277237e879b4a
Author: Jennifer Winer <jenn.winer at gmail.com>
Date: 2016-03-08 (Tue, 08 Mar 2016)
Changed paths:
M pom.xml
Log Message:
-----------
Upgrade Apache Commons Collections to v3.2.2
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a Turing machine. A Turing machine
with an exec() function!
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103
https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Commit: 68f85a7732ee183bfdd2e9078cf3a28bb7d643f0
https://github.com/zanata/zanata-parent/commit/68f85a7732ee183bfdd2e9078cf3a28bb7d643f0
Author: Sean Flanigan <sflaniga at redhat.com>
Date: 2016-03-11 (Fri, 11 Mar 2016)
Changed paths:
M pom.xml
Log Message:
-----------
Merge pull request #51 from Ratchette/patch-1
Upgrade Apache Commons Collections to v3.2.2
Compare: https://github.com/zanata/zanata-parent/compare/8ba3f76b61a7...68f85a7732ee
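
Because the first commit message notes that the library is dangerous merely by being on the classpath, a version bump in a parent POM only helps if no module pulls 3.2.1 back in through another dependency. The following is an added example, not part of zanata-parent's pom.xml: a maven-enforcer-plugin rule that fails the build when any commons-collections 3.x older than 3.2.2 is resolved. The plugin version and the execution id are assumptions.

```xml
<!-- Added example; not taken from zanata-parent. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Assumed version; use whichever release your build standardises on. -->
      <version>3.4.1</version>
      <executions>
        <execution>
          <!-- Hypothetical id chosen for this example. -->
          <id>ban-vulnerable-commons-collections</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- groupId:artifactId:versionRange.
                       "(,3.2.2)" is a Maven range meaning "anything below 3.2.2",
                       so 3.2.1 and earlier are rejected and 3.2.2 is allowed.
                       Transitive dependencies are checked by default. -->
                  <exclude>commons-collections:commons-collections:(,3.2.2)</exclude>
                </excludes>
                <message>commons-collections older than 3.2.2 is affected by CVE-2015-8103; upgrade to 3.2.2 or exclude the transitive dependency.</message>
              </bannedDependencies>
            </rules>
            <!-- Break the build rather than only logging a warning. -->
            <fail>true</fail>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The enforce goal binds to the validate phase by default, so an ordinary build of any child module triggers the check. When it fails, the dependency plugin's tree goal filtered on commons-collections shows which dependency introduces the old version.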