roller-commits mailing list archives

From "Kohei Nozaki (JIRA)" <>
Subject [jira] [Created] (ROL-2103) Upgrade vulnerable commons-collections to 3.2.2
Date Sun, 24 Jan 2016 02:46:39 GMT
Kohei Nozaki created ROL-2103:

             Summary: Upgrade vulnerable commons-collections to 3.2.2
                 Key: ROL-2103
             Project: Apache Roller
          Issue Type: Improvement
          Components: Installation & Configuration
    Affects Versions: 5.1.2
            Reporter: Kohei Nozaki
            Assignee: Roller Unassigned
            Priority: Trivial

As reported in CVE-2015-4852 or there
is a vulnerability in commons-collections.

It's a transitive dependency of Velocity and I think current Roller is not affected by
it, but I think any vulnerable code should be removed from our distribution anyway.

NOTE: Velocity has upgraded commons collections as well in their svn trunk, but I'm not
sure when the next release of Velocity will come out.

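An added example, not part of the original message or of Roller's build: a Python check that reads `mvn dependency:tree` output and reports every commons-collections node below 3.2.2 together with the dependency path that pulls it in, which is how a transitive copy such as the one under Velocity gets noticed. The sample tree and all coordinates in it are constructed for illustration, and the function names are hypothetical.

```python
import re

FIXED = (3, 2, 2)  # fixed release named in ROL-2103
TARGET = "commons-collections:commons-collections"

# Constructed sample of `mvn dependency:tree` output (not Roller's real tree).
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0-SNAPSHOT
[INFO] +- org.apache.velocity:velocity:jar:1.7:compile
[INFO] |  +- commons-collections:commons-collections:jar:3.2.1:compile
[INFO] |  \\- commons-lang:commons-lang:jar:2.4:compile
[INFO] +- org.example:reporting:jar:2.0:compile
[INFO] |  \\- org.example:util:jar:1.1:compile
[INFO] |     \\- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] \\- junit:junit:jar:4.12:test
"""


def parse_version(text):
    """Turn '3.2.1' into (3, 2, 1). Assumes plain numeric 3.x-style versions."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def find_vulnerable(tree_text):
    """Return (dependency path, version) for each TARGET node below FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        body = line[7:] if line.startswith("[INFO] ") else line
        first = re.search(r"[A-Za-z0-9]", body)
        if not first or body.count(":") < 3:
            continue  # plugin banner, blank line or build summary, not a node
        depth = first.start() // 3  # each tree level is three characters wide
        parts = body[first.start():].split(":")
        coords = ":".join(parts[:2])
        # group:artifact:type[:classifier]:version:scope; the root has no scope
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(coords)
        if coords == TARGET and parse_version(version) < FIXED:
            findings.append((" > ".join(stack), version))
    return findings


if __name__ == "__main__":
    for path, version in find_vulnerable(SAMPLE_TREE):
        print(f"{version}: {path}")
```
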