Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-8193

Update Apache Commons Collections to v3.2.2

    XMLWordPrintable

    Details

    • Type: Development Task
    • Status: Closed (View Workflow)
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.11.6, 4.0.6, 4.1.3, 4.2.0
    • Component/s: None
    • Labels:
      None

      Description

      The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                behumphreys Ben Humphreys
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: