Branch: refs/heads/master
  Home:   https://github.com/zanata/zanata-parent
  Commit: f64189c86c1fcb1defb47e60c47277237e879b4a
      
https://github.com/zanata/zanata-parent/commit/f64189c86c1fcb1defb47e60c47277237e879b4a
  Author: Jennifer Winer <jenn.wi...@gmail.com>
  Date:   2016-03-08 (Tue, 08 Mar 2016)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Upgrade Apache Commons Collections to v3.2.2

Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of
vulnerability that exists. By merely existing on the classpath, this
library causes the Java serialization parser for the entire JVM process
to go from being a state machine to a Turing machine. A Turing machine
with an exec() function!

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103
https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/


  Commit: 68f85a7732ee183bfdd2e9078cf3a28bb7d643f0
      
https://github.com/zanata/zanata-parent/commit/68f85a7732ee183bfdd2e9078cf3a28bb7d643f0
  Author: Sean Flanigan <sflan...@redhat.com>
  Date:   2016-03-11 (Fri, 11 Mar 2016)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Merge pull request #51 from Ratchette/patch-1

Upgrade Apache Commons Collections to v3.2.2


Compare: 
https://github.com/zanata/zanata-parent/compare/8ba3f76b61a7...68f85a7732ee
_______________________________________________
zanata-commits mailing list
zanata-commits@redhat.com
https://www.redhat.com/mailman/listinfo/zanata-commits
