JENKINS-31598: Bump commons-collections lib from 3.2.1 to 3.2.2


    • Type: Improvement
    • Resolution: Fixed
    • Priority: Minor
    • Component: core
    • None

      JENKINS-31496 mentioned a security issue related to the library commons-collections:

      Security problem
      http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

      Fixed
      http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/src/java/org/apache/commons/collections/functors/InvokerTransformer.java?view=log

      Which has led to [SECURITY-218] and Jenkins is no longer vulnerable since 1.638 and 1.625.2.

      It would be nice to bump the embedded library nonetheless. The 3.2.1 version is being reported as facing a security risk by audit tools.

            Assignee: Unassigned
            Reporter: hashar (Antoine Musso)
            Votes: 0
            Watchers: 4
