Hi Colm,
I doubt Mavibot is going to be hit by this CVE, but we can upgrade and
cut a release if needed.
Give me a bit of time to double check.
On 04/01/2019 11:17, Colm O hEigeartaigh wrote:
Hi all,
I'm wondering if there are any plans to get another Mavibot release
out? It still depends on Commons Collections 3.2.1 (I upgraded it in 2016 -
https://github.com/apache/directory-mavibot/commit/5f5fa0f5e9a95be45a004a4d137f9a29a9f7991d#diff-600376dffeb79835ede4a0b285078036),
which has a deserialization CVE associated with it. Maybe we could get
another release out even if it just contains this fix to avoid
bundling a vulnerable library?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com