They released a new version of commons-collections (v3.2.2) which addresses this issue. So the remote code execution vulnerability is fixed, but as Jens noted, the potential DOS attack can still be executed.
https://commons.apache.org/proper/commons-collections/release_3_2_2.html
The issue in the Apache bug tracker: https://issues.apache.org/jira/browse/COLLECTIONS-580
-- https://commons.apache.org/proper/commons-collections/release_3_2_2.html
The issue in the Apache bug tracker: https://issues.apache.org/jira/browse/COLLECTIONS-580
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment