Jenkins / JENKINS-31598

Bump commons-collections lib from 3.2.1 to 3.2.2

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None

      Description

      JENKINS-31496 mentioned a security issue related to the library commons-collections:

      Security problem
      http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

      Fixed
      http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/src/java/org/apache/commons/collections/functors/InvokerTransformer.java?view=log

      Which has led to [SECURITY-218], and Jenkins is no longer vulnerable since 1.638 and 1.625.2.

      It would be nice to bump the embedded library nonetheless. The 3.2.1 version is being reported as facing a security risk by audit tools.

            People

            • Assignee:
              Unassigned
              Reporter:
              hashar Antoine Musso