[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Friday, 20 November 2015

    [
https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin....
] 

Nick Boldt commented on JBDS-3560:
----------------------------------

Changes noted above have been moved to these TPs, because the .1.CR1 TP is now reserved
for JBDS 9.0.1:

4.50.2.Beta1-SNAPSHOT
4.51.2.Beta1-SNAPSHOT
4.60.0.Alpha1-SNAPSHOT

...
 Arbitrary remote code execution with InvokerTransformer
(COLLECTIONS-580)
 -------------------------------------------------------------------------

                 Key: JBDS-3560
                 URL: https://issues.jboss.org/browse/JBDS-3560
             Project: Developer Studio (JBoss Developer Studio)
          Issue Type: Bug
          Components: upstream
    Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
            Reporter: Nick Boldt
            Assignee: Max Rydahl Andersen
             Fix For: 9.1.0.Beta1, 10.0.0.Alpha1

         Attachments: apache-commons-collections-in-JBDS7,8,9,10.png,
apache-commons-collections-in-JBDS7,8,9,10_refs1.png,
apache-commons-collections-in-JBDS7,8,9,10_refs10.png,
apache-commons-collections-in-JBDS7,8,9,10_refs7.png,
apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png,
apache-commons-collections-in-JBDS7,8,9,10_refs8.png,
apache-commons-collections-in-JBDS7,8,9,10_refs9.png,
orbit.R20150519210750_vs_I20151117200049.log.txt,
orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt

 This is a container issue to wrap & track
https://issues.apache.org/jira/browse/COLLECTIONS-580
 Problem is that JBDS 9 (and probably 8 and 10 too) include
org.apache.commons.collections	3.2.0.v2013030210310, which is affected by COLLECTIONS-580
- Arbitrary remote code execution with InvokerTransformer 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006