Improvement
Resolution: Fixed
Minor
None
JENKINS-31496 mentioned a security issue related to the library commons-collections:
Security problem
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Which has led to [SECURITY-218], and Jenkins is no longer vulnerable since 1.638 and 1.625.2.
It would be nice to bump the embedded library nonetheless, the 3.2.1 version being reported as facing a security risk by audit tools.
Code changed in jenkins
User: PJ Fanning
Path:
core/pom.xml
test/src/test/java/jenkins/security/Security218CliTest.java
http://jenkins-ci.org/commit/jenkins/46d3f2e1d0bee7098e630d9c6913fe25bb2b3753
Log:
JENKINS-31598 upgrade commons-collections due to CVE against v3.2.1 (#2761)
JENKINS-31598 upgrade commons-collections due to CVE against v3.2.1