Improvement
Resolution: Fixed
Minor
None
JENKINS-31496 mentioned a security issue related to the library commons-collections:
Security problem
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Which has led to [SECURITY-218], and Jenkins is no longer vulnerable since 1.638 and 1.625.2.
It would be nice to bump the embedded library nonetheless, the 3.2.1 version being reported as facing a security risk by audit tools.
[JENKINS-31598] Bump commons-collections lib from 3.2.1 to 3.2.2
Issue Type | Original: Bug [ 1 ] | New: Improvement [ 4 ] |
Workflow | Original: JNJira [ 167026 ] | New: JNJira + In-Review [ 182555 ] |
Resolution | | New: Fixed [ 1 ] |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Link | | New: This issue relates to SECURITY-429 [ SECURITY-429 ] |