Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-8193

Update Apache Commons Collections to v3.2.2


    • Icon: Suggestion Suggestion
    • Resolution: Fixed
    • 3.11.6, 4.0.6, 4.1.3, 4.2.0
    • None
    • None
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.

            Unassigned Unassigned
            behumphreys Ben Humphreys
            0 Vote for this issue
            2 Start watching this issue