The Apache Commons team is pleased to announce the release of Apache Commons Collections 3.2.2. The release is available for download at
http://commons.apache.org/proper/commons-collections/download_collections.cgi Apache Commons Collections is a project to develop and maintain collection classes based on and inspired by the JDK collection framework. This Collections 3.2.2 release is a security and bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for unsafe classes in the functor package is disabled and will result in an exception when either trying to serialize or de-serialize an instance of these classes. For more details, please refer to COLLECTIONS-580. All users are strongly encouraged to updated to this release. See the release-notes at http://commons.apache.org/proper/commons-collections/release_3_2_2.html http://www.apache.org/dist/commons/collections/RELEASE-NOTES-3.2.2.txt for a full list of changes. Please verify signatures using the KEYS file available at the above location when downloading the release. For complete information on collections, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Collections website: http://commons.apache.org/proper/commons-collections/ Thomas, on behalf of the Apache Commons team
