[ https://issues.apache.org/jira/browse/VELOCITY-882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Kienenberger updated VELOCITY-882: --------------------------------------- Fix Version/s: 2.0 1.7.x > Critical vulnerability in commons collection > -------------------------------------------- > > Key: VELOCITY-882 > URL: https://issues.apache.org/jira/browse/VELOCITY-882 > Project: Velocity > Issue Type: Bug > Reporter: Emile Fugulin > Assignee: Mike Kienenberger > Priority: Major > Fix For: 1.7.x, 2.0 > > > Hi, > Snyk reported to us that velocity 1.7 contains a dependency to > commons-collection 3.2.1 which is vulnerable to arbitrary code execution. > https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078 > This should be fixed since many lib depends on this library... -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org