[jira] [Updated] (ATLAS-4997) commons-collections dependency on atlas-intg 2.4.0

Kiran Velumuri (Jira) Tue, 04 Mar 2025 02:35:45 -0800


     [ 
https://issues.apache.org/jira/browse/ATLAS-4997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kiran Velumuri updated ATLAS-4997:
----------------------------------
    Description: 
The artifact commons-collections:3.2.2, which is a dependency for 
[atlas-intg|https://mvnrepository.com/artifact/org.apache.atlas/atlas-intg/2.4.0],
 is EOL. Due to this, there are security vulnerabilities(sonatype-2024-3350) 
for commons-collections:3.2.2. 

The latest atlas-intg release 2.4.0 contains the vulunerable 
commons-collections:3.2.2. The non vulnerable version of commons-collections is 
[commons-collections4|https://mvnrepository.com/artifact/org.apache.commons/commons-collections4].

This issue is track when the new release of atlas-intg would not contain the 
vulnerable commons-collections:3.2.2.

  was:
The artifact commons-collections:3.2.2, which is a dependency for 
[atlas-intg|https://mvnrepository.com/artifact/org.apache.atlas/atlas-intg/2.4.0],
 is EOL. Due to this, there are security vulnerabilities for 
commons-collections:3.2.2. 

The latest atlas-intg release 2.4.0 contains the vulunerable 
commons-collections:3.2.2. The non vulnerable version of commons-collections is 
[commons-collections4|https://mvnrepository.com/artifact/org.apache.commons/commons-collections4].

This issue is track when the new release of atlas-intg would not contain the 
vulnerable commons-collections:3.2.2.


> commons-collections dependency on atlas-intg 2.4.0
> --------------------------------------------------
>
>                 Key: ATLAS-4997
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4997
>             Project: Atlas
>          Issue Type: Improvement
>    Affects Versions: 2.4.0
>            Reporter: Kiran Velumuri
>            Priority: Major
>
> The artifact commons-collections:3.2.2, which is a dependency for 
> [atlas-intg|https://mvnrepository.com/artifact/org.apache.atlas/atlas-intg/2.4.0],
>  is EOL. Due to this, there are security vulnerabilities(sonatype-2024-3350) 
> for commons-collections:3.2.2. 
> The latest atlas-intg release 2.4.0 contains the vulunerable 
> commons-collections:3.2.2. The non vulnerable version of commons-collections 
> is 
> [commons-collections4|https://mvnrepository.com/artifact/org.apache.commons/commons-collections4].
> This issue is track when the new release of atlas-intg would not contain the 
> vulnerable commons-collections:3.2.2.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ATLAS-4997) commons-collections dependency on atlas-intg 2.4.0

Reply via email to