[ https://issues.apache.org/jira/browse/SLING-5814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oliver Lietz resolved SLING-5814. --------------------------------- Resolution: Not A Problem Launchpad 9-SNAPSHOT is using 3.2.2 already > CVE 2015-7501 : Upgrade commons-collection jar version to 3.2.2 > --------------------------------------------------------------- > > Key: SLING-5814 > URL: https://issues.apache.org/jira/browse/SLING-5814 > Project: Sling > Issue Type: Bug > Components: Distribution > Reporter: Prakash Guggilam > > There is a critical security issue filed against the commons-collection jar > version 3.2.1, related to deserialization of untrusted data. Please refer to > the below URL's > https://access.redhat.com/security/vulnerabilities/2059393 > https://www.kb.cert.org/vuls/id/576313 > The latest version of sling webapp, version 8, bundles the vulnerable version > of commons-collection 3.2.1. > We should consider upgrading the version of the jar to 3.2.2 -- This message was sent by Atlassian JIRA (v6.3.4#6332)