-
Bug
-
Resolution: Fixed
-
Low
-
2.8.3
-
None
This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for unsafe classes in the functor package is disabled and will result in an exception when either trying to serialize or de-serialize an instance of these classes. For more details, please refer to COLLECTIONS-580.
https://commons.apache.org/proper/commons-collections/release_3_2_2.html
- relates to
-
-
- Closed
-
![[Extranet] Page](/images/icons/generic_link_16.png "[Extranet] Page"){kind=icon}
[CWD-4579] Upgrade to version 3.2.2 of apache commons-collections
| Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 1511110 ] | New: JAC Bug Workflow v3 [ 3365432 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Link | New: This issue relates to JRACLOUD-47638 [ JRACLOUD-47638 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1393210 ] | New: Simplified Crowd Development Workflow v2 - restricted [ 1511110 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 1031126 ] | New: Simplified Crowd Development Workflow v2 [ 1393210 ] |
| Security | Original: Reporters and Developers [ 10071 ] |
| Remote Link | New: This issue links to "Page (Extranet)" [ 144364 ] |
| Remote Link | New: This issue links to "Page (Extranet)" [ 144009 ] |
| Fix Version/s | New: 2.8.4 [ 54305 ] | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Technical Review [ 10028 ] | New: Resolved [ 5 ] |
| Status | Original: In Progress [ 3 ] | New: Technical Review [ 10028 ] |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |