[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15093363#comment-15093363
]
Abhijeet Mohanty commented on COLLECTIONS-580:
--
I am on vacation from Jan 4, 2016 to
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15093361#comment-15093361
]
wangwenlong commented on COLLECTIONS-580:
-
dsadas
> Arbitrary remote code execution with
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15046623#comment-15046623
]
Joerg Schaible commented on COLLECTIONS-580:
THIS IS NOT A HELP FORUM! If you have
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15046603#comment-15046603
]
meiyoula commented on COLLECTIONS-580:
--
Hi, all. Let me ask a low question, the jar file which
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15046431#comment-15046431
]
pavan commented on COLLECTIONS-580:
---
[~tn] Is commons-collections 2.x library affected by this
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15046545#comment-15046545
]
Thomas Neidhart commented on COLLECTIONS-580:
-
The collections 2.x branch is not
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15035897#comment-15035897
]
Miriam Celi commented on COLLECTIONS-580:
-
[~tn] Is this issue also present in Apache Commons
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15036016#comment-15036016
]
Miriam Celi commented on COLLECTIONS-580:
-
Thank you for your prompt response!
> Arbitrary
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15035999#comment-15035999
]
Thomas Neidhart commented on COLLECTIONS-580:
-
All 3.X releases and the 4.0 release are
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15024543#comment-15024543
]
Michel Schudel commented on COLLECTIONS-580:
Any info on when commons-collections 4.1
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15024734#comment-15024734
]
Thomas Neidhart commented on COLLECTIONS-580:
-
the release has been prepared, currently
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15019162#comment-15019162
]
Mike Yoder commented on COLLECTIONS-580:
"No reflection is used anymore" sounds like a really
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15020267#comment-15020267
]
Thomas Neidhart commented on COLLECTIONS-580:
-
in the next days hopefully.
> Arbitrary
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15013112#comment-15013112
]
Thomas Neidhart commented on COLLECTIONS-580:
-
Hmm I feared that it would be too easy to
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15014694#comment-15014694
]
Thomas Neidhart commented on COLLECTIONS-580:
-
In the collections4 branch, the
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15013329#comment-15013329
]
Stevie Beck commented on COLLECTIONS-580:
-
This reminds me of the the general "SerialDoS"
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1506#comment-1506
]
Tiago Stürmer Daitx commented on COLLECTIONS-580:
-
According to CVE assignment team
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15012958#comment-15012958
]
Naozumi Taromaru commented on COLLECTIONS-580:
--
I used commons-collections-3.2.2.
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15008749#comment-15008749
]
Stevie Beck commented on COLLECTIONS-580:
-
+1 (thanks for the fix!)
Regarding CVE number:
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15006612#comment-15006612
]
Michel Schudel commented on COLLECTIONS-580:
Thanks Thomas for the quick fix
> Arbitrary
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15007419#comment-15007419
]
Mike Yoder commented on COLLECTIONS-580:
Let me also extend my thanks for the fix. Question:
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15006555#comment-15006555
]
Ravi Chamarthy commented on COLLECTIONS-580:
Thanks Thomas for the confirmation.
>
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15006492#comment-15006492
]
Thomas Neidhart commented on COLLECTIONS-580:
-
collections 3.2.2 has been released
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15006460#comment-15006460
]
Ravi Chamarthy commented on COLLECTIONS-580:
Hi,
Would be interested to know an
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005279#comment-15005279
]
Thomas Neidhart commented on COLLECTIONS-580:
-
In collections4 there is also an inner
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005597#comment-15005597
]
Thomas Neidhart commented on COLLECTIONS-580:
-
Fixed MultiValueMap issue in r1714360.
>
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15003912#comment-15003912
]
Karsten Klein commented on COLLECTIONS-580:
---
We (not having seen the attached patch before)
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15004712#comment-15004712
]
Thomas Neidhart commented on COLLECTIONS-580:
-
The new MultiValuedMap in collections4
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15004640#comment-15004640
]
Thomas Neidhart commented on COLLECTIONS-580:
-
Committed in r1714262 for collections4:
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15003922#comment-15003922
]
Thomas Neidhart commented on COLLECTIONS-580:
-
I prefer a fail-fast approach.
btw. a
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15003970#comment-15003970
]
Thomas Neidhart commented on COLLECTIONS-580:
-
{quote}
Not sure I fully understand. The
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15003932#comment-15003932
]
Karsten Klein commented on COLLECTIONS-580:
---
Not sure I fully understand. The critical
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15000335#comment-15000335
]
Thomas Neidhart commented on COLLECTIONS-580:
-
There are also other vulnerable classes
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14998820#comment-14998820
]
Jesse Glick commented on COLLECTIONS-580:
-
FWIW the Jenkins project has been assuming that
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14999172#comment-14999172
]
Devin Rosenbauer commented on COLLECTIONS-580:
--
I think that whatever is done with
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14998335#comment-14998335
]
Thomas Neidhart commented on COLLECTIONS-580:
-
Indeed, I was thinking about that as well.
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14998325#comment-14998325
]
Jochen Wiedmann commented on COLLECTIONS-580:
-
We are introducing an incompatible change.
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14998295#comment-14998295
]
Jochen Wiedmann commented on COLLECTIONS-580:
-
Alothough deserialization is the actual
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14998319#comment-14998319
]
Emmanuel Bourg commented on COLLECTIONS-580:
Serialization isn't an issue, I don't see
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14998499#comment-14998499
]
Leon Tebbens commented on COLLECTIONS-580:
--
I do not want to spoil the party, but are you
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14996216#comment-14996216
]
Thomas Neidhart commented on COLLECTIONS-580:
-
We will at least make also a release for
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14996228#comment-14996228
]
Thomas Neidhart commented on COLLECTIONS-580:
-
This should please be discussed on the
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14996219#comment-14996219
]
Emmanuel Bourg commented on COLLECTIONS-580:
I think we should release the fix for
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14996248#comment-14996248
]
Emmanuel Bourg commented on COLLECTIONS-580:
I don't doubt you've done the things
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14995710#comment-14995710
]
David Dossot commented on COLLECTIONS-580:
--
This vulnerability puts the whole library at
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14995713#comment-14995713
]
Thomas Neidhart commented on COLLECTIONS-580:
-
We are currently working on a new release
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14995839#comment-14995839
]
Thomas Neidhart commented on COLLECTIONS-580:
-
Proposed fix committed in r1713307 for the
[
https://issues.apache.org/jira/browse/COLLECTIONS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14995901#comment-14995901
]
Paul Hammant commented on COLLECTIONS-580:
--
Re "r1713307 for the 3.2.X branch" ... can the
48 matches
Mail list logo
