Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-8193

Update Apache Commons Collections to v3.2.2

    XMLWordPrintable

    Details

    • Feedback Policy:
      We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              behumphreys Ben Humphreys
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: