Upgrade Apache Commons Collections to v3.2.2

Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a turing machine. A turing machine with an exec() function! https://commons.apache.org/proper/commons-collections/security-reports.html http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
author: Justine Tunney <jart@google.com> 2016-03-07 17:58:37 -0500
committer: Simon Brandhof <simon.brandhof@sonarsource.com> 2016-03-08 10:46:01 +0100
commit: d084a30481ca2ce6277dc8dec297855382a51a33 (patch)
tree: 0b4f503d9e90a10ae7d7d387e5f5f2f6fa620834 /pom.xml
parent: 80724830a16ee96648e3d71fc14c13e2efa531a5 (diff)
download: sonarqube-d084a30481ca2ce6277dc8dec297855382a51a33.tar.gz
sonarqube-d084a30481ca2ce6277dc8dec297855382a51a33.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/pom.xml b/pom.xml
index 9fd4cd98d5f..15a18a01587 100644
--- a/pom.xml
+++ b/pom.xml
@@ -568,7 +568,7 @@
       <dependency>
         <groupId>commons-collections</groupId>
         <artifactId>commons-collections</artifactId>
-        <version>3.2.1</version>
+        <version>3.2.2</version>
       </dependency>
       <dependency>
         <groupId>org.elasticsearch</groupId>
author	Justine Tunney <jart@google.com>	2016-03-07 17:58:37 -0500
committer	Simon Brandhof <simon.brandhof@sonarsource.com>	2016-03-08 10:46:01 +0100
commit	d084a30481ca2ce6277dc8dec297855382a51a33 (patch)
tree	0b4f503d9e90a10ae7d7d387e5f5f2f6fa620834 /pom.xml
parent	80724830a16ee96648e3d71fc14c13e2efa531a5 (diff)
download	sonarqube-d084a30481ca2ce6277dc8dec297855382a51a33.tar.gz sonarqube-d084a30481ca2ce6277dc8dec297855382a51a33.zip