Update Apache Commons Collections to v3.2.2

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Fixed
    • 3.11.6, 4.0.6, 4.1.3, 4.2.0
    • Component/s: None
    • None

      The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.

              Assignee:
              Unassigned
              Reporter:
              Ben Humphreys
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: