smicat opened a new issue, #1525: URL: https://github.com/apache/shiro/issues/1525
Hi,

On the Developer Hub, the commons-collections artifact under the Apache Commons Collections project has been reported to have a security vulnerability, Cx78f40514-81ff. (https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff/) In addition, on the Maven Repository, maintenance of the commons-collections artifact has stopped, and the commons-collections4 artifact is now recommended for use. (https://mvnrepository.com/artifact/commons-collections/commons-collections)

Are the above two points sufficient to indicate that there are security risks in commons-collections? However, both version 1 and version 2 of Shiro are still using commons-collections (exactly 3.2.2). (https://github.com/apache/shiro/blob/69f28c4c9e1654255bacb1ddfcec0bb3ab1d3d70/pom.xml#L91)

The above is my personal opinion, please consider! Thank you!
