Upgrade to version 3.2.2 of apache commons-collections

XMLWordPrintable

    • 1
    • Severity 3 - Minor

      Summary

      Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories:

      <Confluence-Install>/confluence/confluence/WEB-INF/lib/commons-collections-3.2.2.jar
<Confluence-Install>/confluence/synchrony-proxy/WEB-INF/lib/commons-collections-3.2.1.jar

      Notes

      Similar to CONFSERVER-40130, we’ll need to update the library for Synchrony Proxy.

            Assignee:
            Richard Atkins
            Reporter:
            Rachel Fuerst (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: