Upgrade to version 3.2.2 of apache commons-collections

XMLWordPrintable

    • 1
    • Severity 3 - Minor

      Summary

      Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories:

      <Confluence-Install>/confluence/confluence/WEB-INF/lib/commons-collections-3.2.2.jar
<Confluence-Install>/confluence/synchrony-proxy/WEB-INF/lib/commons-collections-3.2.1.jar

      Notes

      Similar to CONFSERVER-40130, we’ll need to update the library for Synchrony Proxy.

              Assignee:
              Richard Atkins
              Reporter:
              Rachel Fuerst (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: