Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 4.3.1.CR1
Affects Version/s: 4.3.0.Final
Component/s: maven, target-platform, upstream
Labels:
None

Fred said:

So the m2e archetype feature also embeds a version of vulnerable commons-collections, that we need to fix upstream (even though it's not really vulnerable, just makes people cringy) – ~~JBDS-3560~~

So, we need a new version of m2e 1.6.x (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / ~~JBDS-3560~~) and we can then mirror it and update the 4.50.x and 4.51.x TPs (for JBDS 9.1, not 9.0.1).

clones

JBIDE-21118 Update 4.60.x TP to m2e 1.7 (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560)

Closed

is related to

JBDS-3560 Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Closed

relates to

JBIDE-21106 Update to m2e 1.7 and m2e-wtp 1.3

Closed

Assignee:: Nick Boldt

Reporter:: Nick Boldt

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2015/11/20 3:47 PM

Updated:: 2016/05/10 10:32 AM

Resolved:: 2016/02/24 7:13 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide