Branch: refs/heads/master Home: https://github.com/windup/windup Commit: 293032c3db15dc824c052e5321a200e8fa5ed5aa https://github.com/windup/windup/commit/293032c3db15dc824c052e5321a200e8f... Author: Justine Tunney <jtunney(a)gmail.com&gt; Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M utils/pom.xml Log Message: ----------- Upgrade Apache Commons Collections to v4.1 Version 4.0 has a CVSS 10.0 vulnerability. That's the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a turing machine. A turing machine with an exec() function! https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103 https://commons.apache.org/proper/commons-collections/security-reports.html http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-j... Commit: ce803365126c9f6774e6bf144469ffa1548e4b0b https://github.com/windup/windup/commit/ce803365126c9f6774e6bf144469ffa15... Author: Jesse Sightler <jesse.sightler(a)gmail.com&gt; Date: 2016-04-11 (Mon, 11 Apr 2016) Changed paths: M utils/pom.xml Log Message: ----------- Merge pull request #868 from jart/patch-1 Upgrade Apache Commons Collections to v4.1 Compare: https://github.com/windup/windup/compare/d7f36e461dab...ce803365126c