Update Apache Commons Collections to v3.2.2

    • Type: Suggestion
    • Resolution: Fixed
    • 3.11.6, 4.0.6, 4.1.3, 4.2.0
    • Component/s: None
    • None

      The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre; however, this library should be upgraded regardless.

            Assignee:
            Unassigned
            Reporter:
            Ben Humphreys
            Votes:
            0
            Watchers:
            2