• Type: Bug
• Resolution: Not A Defect
• Priority: Critical
• Component/s: core
• Labels:

  None

[JENKINS-31496] Security Problem: commons-collections 3.2.1 (should bump to 3.2.2)

cactusman created issue - 2015-11-11 03:56

cactusman made changes - 2015-11-11 08:53

Description

Original: *Security problem* http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thefix *Fixed* http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/src/java/org/apache/commons/collections/functors/InvokerTransformer.java?view=log Jenkins will be updated fiexd commons-collections library.

New: *Security problem* http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ *Fixed* http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/src/java/org/apache/commons/collections/functors/InvokerTransformer.java?view=log Jenkins will be updated fiexd commons-collections library.

Collapse comment: cactusman added a comment - 2015-11-17 00:44

cactusman added a comment - 2015-11-17 00:44

Commons Collections 3.2.2 released.

https://commons.apache.org/proper/commons-collections/release_3_2_2.html

Expand comment: cactusman added a comment - 2015-11-17 00:44

cactusman added a comment - 2015-11-17 00:44 Commons Collections 3.2.2 released. https://commons.apache.org/proper/commons-collections/release_3_2_2.html

Collapse comment: Daniel Beck added a comment - 2015-11-17 12:14

Daniel Beck added a comment - 2015-11-17 12:14

Jenkins is not vulnerable to this issue since 1.638 and 1.625.2.
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Expand comment: Daniel Beck added a comment - 2015-11-17 12:14

Daniel Beck added a comment - 2015-11-17 12:14 Jenkins is not vulnerable to this issue since 1.638 and 1.625.2. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Daniel Beck made changes - 2015-11-17 12:14

Resolution		New: Not A Defect [ 7 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Antoine Musso made changes - 2015-11-17 12:59

Summary

Original: Securitye Problem: commons-collections

New: Security Problem: commons-collections 3.2.1 (should bump to 3.2.2)

Collapse comment: Antoine Musso added a comment - 2015-11-17 13:06

Antoine Musso added a comment - 2015-11-17 13:06

Sorry for the lame edit earlier I haven't noticed this issue was marked as resolved.

I have filled https://issues.jenkins-ci.org/browse/JENKINS-31598 to ask for commons-collections to be bumped from 3.2.1 to 3.2.2.

Expand comment: Antoine Musso added a comment - 2015-11-17 13:06

Antoine Musso added a comment - 2015-11-17 13:06 Sorry for the lame edit earlier I haven't noticed this issue was marked as resolved. I have filled https://issues.jenkins-ci.org/browse/JENKINS-31598 to ask for commons-collections to be bumped from 3.2.1 to 3.2.2.

R. Tyler Croy made changes - 2016-07-25 23:57

Workflow

Original: JNJira [ 166898 ]

New: JNJira + In-Review [ 198067 ]