Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-8193

Update Apache Commons Collections to v3.2.2

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 3.11.6, 4.0.6, 4.1.3, 4.2.0
    • None
    • None
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. BSERV-8202 Security vulnerability in apache commons collections

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              behumphreys Ben Humphreys
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: