[ https://issues.apache.org/jira/browse/VELOCITY-869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15242799#comment-15242799 ]
Nimisha Gupta commented on VELOCITY-869: ---------------------------------------- [~sdumitriu] Hi, I am using Velocity 1.7.However, I need to get rid of commons-collections 3.2.1 vulnerability.It seems that you have resolved this issue in version 1.7.1/2.x. These versions are not yet released, is there a specific release date or alternative through which I can get rid of this vulnerability? Thanks! > Vulnerability in dependency: commons-collections:3.2.1 > ------------------------------------------------------ > > Key: VELOCITY-869 > URL: https://issues.apache.org/jira/browse/VELOCITY-869 > Project: Velocity > Issue Type: Bug > Components: Build > Affects Versions: 1.7 > Reporter: Ryan Blue > Assignee: Sergiu Dumitriu > Fix For: 2.x, 1.x > > > There is an arbitrary remote code execution bug in commons-collections, > tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, > 3.2.2, will help downstream libraries (like avro-ipc) from pulling in the bad > version. Thanks! -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org