Prakash Guggilam created SLING-5814:
---------------------------------------
Summary: CVE 2015-7501 : Upgrade commons-collection jar version to 3.2.2
Key: SLING-5814
URL: https://issues.apache.org/jira/browse/SLING-5814
Project: Sling
Issue Type: Bug
Components: Distribution
Reporter: Prakash Guggilam
There is a critical security issue filed against the commons-collection jar
version 3.2.1, related to deserialization of untrusted data. Please refer to
the URLs below:
https://access.redhat.com/security/vulnerabilities/2059393
https://www.kb.cert.org/vuls/id/576313
The latest version of Sling webapp, version 8, bundles the vulnerable version
of commons-collection 3.2.1.
We should consider upgrading the version of the jar to 3.2.2.
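One way to check a built webapp for the bundled jar the report describes, as an added example that is not part of the original issue or Sling's own code: it walks nested archives and flags any `commons-collections-<version>.jar` older than 3.2.2. Matching on the file name is an assumption (a renamed or repackaged copy would be missed), and the sample archive is constructed in memory.

```python
import io
import re
import zipfile

# File-name match for the 3.x artifact, e.g. commons-collections-3.2.1.jar
JAR_RE = re.compile(r"(?:^|/)commons-collections-(\d+(?:\.\d+)*)\.jar$")
FIXED = (3, 2, 2)  # version the issue asks to upgrade to

def find_copies(data, path="", depth=0):
    """Return [(nested path, version tuple)] for every bundled copy."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            full = f"{path}!/{name}" if path else name
            match = JAR_RE.search(name)
            if match:
                version = tuple(int(p) for p in match.group(1).split("."))
                hits.append((full, version))
            elif name.endswith((".jar", ".war", ".zip")) and depth < 4:
                # Recurse into nested archives (bundle inside webapp), bounded depth
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    hits += find_copies(inner, full, depth + 1)
    return hits

def vulnerable_copies(data):
    """Copies older than 3.2.2, as (path, version string)."""
    return [(p, ".".join(map(str, v))) for p, v in find_copies(data) if v < FIXED]

def _zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def sample_webapp():
    """Constructed sample archive, not a real Sling artifact."""
    stub = _zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"})
    bundle = _zip({"lib/commons-collections-3.2.1.jar": stub})
    return _zip({"WEB-INF/lib/demo-bundle.jar": bundle,
                 "WEB-INF/lib/commons-collections-3.2.2.jar": stub})

if __name__ == "__main__":
    for path, version in vulnerable_copies(sample_webapp()):
        print(f"vulnerable: {path} ({version})")
```

To scan a real build, pass the bytes of the archive file to `vulnerable_copies` instead of the constructed sample.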