[ https://issues.apache.org/jira/browse/SLING-5814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oliver Lietz resolved SLING-5814.
---------------------------------
Resolution: Not A Problem
Launchpad 9-SNAPSHOT is using 3.2.2 already
> CVE 2015-7501 : Upgrade commons-collection jar version to 3.2.2
> ---------------------------------------------------------------
>
> Key: SLING-5814
> URL: https://issues.apache.org/jira/browse/SLING-5814
> Project: Sling
> Issue Type: Bug
> Components: Distribution
> Reporter: Prakash Guggilam
>
> There is a critical security issue filed against the commons-collection jar
> version 3.2.1, related to deserialization of untrusted data. Please refer to
> the below URLs:
> https://access.redhat.com/security/vulnerabilities/2059393
> https://www.kb.cert.org/vuls/id/576313
> The latest version of Sling webapp, version 8, bundles the vulnerable version
> of commons-collection 3.2.1.
> We should consider upgrading the version of the jar to 3.2.2.