[BSERV-8193] Update Apache Commons Collections to v3.2.2 - Create and track feature requests for Atlassian products.

We couldn't load the project sidebar. Refresh the page to try again.
If the problem persists, contact your Jira admin.

Type: Suggestion
Resolution: Fixed
Fix Version/s: 3.11.6, 4.0.6, 4.1.3, 4.2.0
Component/s: None
Labels:
None

Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.

is duplicated by

BSERV-8202 Security vulnerability in apache commons collections

Closed

Form Name

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: Ben Humphreys

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 30/Nov/2015 6:43 AM

Updated:: 19/Sep/2019 5:49 AM

Resolved:: 30/Nov/2015 7:34 AM