[HADOOP-12577] Bump up commons-collections version to 3.2.2 to address a security flaw - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.7.1, 2.6.2
Fix Version/s: 2.8.0, 2.7.2, 2.6.3, 3.0.0-alpha1
Component/s: build, security
Labels:
None

Target Version/s:

2.7.2, 2.6.3
Hadoop Flags:

Reviewed

Description

Update commons-collections from 3.2.1 to 3.2.2 because of a major security vulnerability. There are many other open source projects use commons-collections and are also affected.

Please see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ for the discovery of the vulnerability.

https://issues.apache.org/jira/browse/COLLECTIONS-580 has the discussion thread of the fix.

https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread The ASF response to the security vulnerability.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-12577.001.patch
17/Nov/15 18:50
0.4 kB
Wei-Chiu Chuang

Issue Links

is depended upon by

HADOOP-9991 Fix up Hadoop POMs, roll up JARs to latest versions

Open

is related to

HADOOP-12579 Deprecate WriteableRPCEngine

Resolved

Activity

People

Assignee:: Wei-Chiu Chuang

Reporter:: Wei-Chiu Chuang

Votes:: 0 Vote for this issue

Watchers:: 17 Start watching this issue

Dates

Created:: 17/Nov/15 18:48

Updated:: 02/Oct/19 17:14

Resolved:: 23/Nov/15 18:08