[ https://issues.jboss.org/browse/JBIDE-21119?page=com.atlassian.jira.plugi... ] Nick Boldt updated JBIDE-21119: ------------------------------- Description: Fred said: {quote}So the m2e archetype feature also embeds a version of vulnerable commons-collections, that we need to fix upstream (even though it's not really vulnerable, just makes people cringy) -- JBDS-3560 {quote} So, we need a new version of m2e 1.6.x (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560) and we can then mirror it and update the 4.50.x and 4.51.x TPs (for JBDS 9.1, not 9.0.1). was: Fred said: {quote}So the m2e archetype feature also embeds a version of vulnerable commons-collections, that we need to fix upstream (even though it's not really vulnerable, just makes people cringy) -- JBDS-3560 {quote} So, we need a new version of m2e 1.7 (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560) and we can then mirror it and update the 4.60.x TPs. -- This message was sent by Atlassian JIRA (v6.4.11#64026)