[forge-commits] [forge/core] 11fc03: Upgrade Apache Commons Collections to v3.2.2

Branch: refs/heads/master Home: https://github.com/forge/core Commit: 11fc036e0d76cd13b60d0ab51b5e326de3bae92e https://github.com/forge/core/commit/11fc036e0d76cd13b60d0ab51b5e326de3ba... Author: James Bogosian <bogosj(a)users.noreply.github.com&gt; Date: 2016-03-08 (Tue, 08 Mar 2016) Changed paths: M configuration/impl/pom.xml Log Message: ----------- Upgrade Apache Commons Collections to v3.2.2 Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a turing machine. A turing machine with an exec() function! https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103 https://commons.apache.org/proper/commons-collections/security-reports.html http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-j... Commit: b8be5c99f592342eb18da3be79033e18a36e0738 https://github.com/forge/core/commit/b8be5c99f592342eb18da3be79033e18a36e... Author: George Gastaldi <gegastaldi(a)gmail.com&gt; Date: 2016-03-08 (Tue, 08 Mar 2016) Changed paths: M configuration/impl/pom.xml Log Message: ----------- Merge pull request #601 from bogosj/patch-1 Upgrade Apache Commons Collections to v3.2.2 Compare: https://github.com/forge/core/compare/2ed908235f1c...b8be5c99f592