[forge-commits] [forge/core] 11fc03: Upgrade Apache Commons Collections to v3.2.2
George Gastaldi
gegastaldi at gmail.com
Tue Mar 8 11:19:15 EST 2016
Branch: refs/heads/master
Home: https://github.com/forge/core
Commit: 11fc036e0d76cd13b60d0ab51b5e326de3bae92e
https://github.com/forge/core/commit/11fc036e0d76cd13b60d0ab51b5e326de3bae92e
Author: James Bogosian <bogosj at users.noreply.github.com>
Date: 2016-03-08 (Tue, 08 Mar 2016)
Changed paths:
M configuration/impl/pom.xml
Log Message:
-----------
Upgrade Apache Commons Collections to v3.2.2
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a turing machine. A turing machine
with an exec() function!
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103
https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Commit: b8be5c99f592342eb18da3be79033e18a36e0738
https://github.com/forge/core/commit/b8be5c99f592342eb18da3be79033e18a36e0738
Author: George Gastaldi <gegastaldi at gmail.com>
Date: 2016-03-08 (Tue, 08 Mar 2016)
Changed paths:
M configuration/impl/pom.xml
Log Message:
-----------
Merge pull request #601 from bogosj/patch-1
Upgrade Apache Commons Collections to v3.2.2
Compare: https://github.com/forge/core/compare/2ed908235f1c...b8be5c99f592
More information about the forge-commits
mailing list