Bump commons-collections lib from 3.2.1 to 3.2.2


      JENKINS-31496 mentioned a security issue related to the library commons-collections:

      Security problem
      http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

      Fixed
      http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/src/java/org/apache/commons/collections/functors/InvokerTransformer.java?view=log

      Which has led to [SECURITY-218], and Jenkins is no longer vulnerable since 1.638 and 1.625.2.

      It would be nice to bump the embedded library nonetheless. The 3.2.1 version is being reported as facing a security risk by audit tools.

            Assignee: Unassigned
            Reporter: Antoine Musso
            Archiver: Jenkins Service Account

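An added example, not part of the original issue or Jenkins' own code: a Python check that lists copies of commons-collections older than 3.2.2 embedded in a WAR, including jars nested inside plugin archives. The sample archive layout and the `example.hpi` name are constructed, and matching is by jar file name only.

```python
import io
import re
import zipfile

# Matches commons-collections-<version>.jar (3.x artifact naming), not commons-collections4.
JAR_RE = re.compile(r"(?:^|/)commons-collections-(\d+(?:\.\d+)*)\.jar$")
FIXED = (3, 2, 2)  # the version this issue asks to bump to


def find_commons_collections(archive, prefix=""):
    """Yield (path, version_tuple) for each commons-collections jar in a WAR/JAR,
    descending into nested archives such as WEB-INF/lib/*.jar or plugins."""
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                yield prefix + name, tuple(int(p) for p in m.group(1).split("."))
            elif name.endswith((".jar", ".war", ".hpi")):
                try:
                    nested = io.BytesIO(zf.read(name))
                    yield from find_commons_collections(nested, prefix + name + "!/")
                except zipfile.BadZipFile:
                    continue  # not a readable archive; skip it


def outdated(archive):
    """Return the paths of embedded copies older than 3.2.2."""
    return [p for p, v in find_commons_collections(archive) if v < FIXED]


def build_sample_war():
    """Constructed sample: one direct 3.2.1 copy and one plugin-nested 3.2.2 copy."""
    plugin = io.BytesIO()
    with zipfile.ZipFile(plugin, "w") as z:
        z.writestr("WEB-INF/lib/commons-collections-3.2.2.jar", b"")
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/commons-collections-3.2.1.jar", b"")
        z.writestr("WEB-INF/plugins/example.hpi", plugin.getvalue())
    war.seek(0)
    return war


if __name__ == "__main__":
    for path in outdated(build_sample_war()):
        print("outdated:", path)
```

Because the check relies on file names, renamed or shaded copies of the library are not detected; pass a real path such as a WAR file to `outdated()` in place of the constructed sample.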