Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 9.1.0.CR1, 10.0.0.Alpha1
Affects Version/s: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
Component/s: upstream
Labels:
None

Git Pull Request:
https://github.com/jbosstools/jbosstools-target-platforms/pull/177, https://github.com/jbosstools/jbosstools-target-platforms/pull/178, https://github.com/jbosstools/jbosstools-target-platforms/pull/179
Docs QE Status:
NEW
Target Release:

10.0.0.GA
CDW devel_ack:

This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580

Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

apache-commons-collections-in-JBDS7,8,9,10_refs1.png
188 kB
2015/11/16 4:59 PM
apache-commons-collections-in-JBDS7,8,9,10_refs10.png
51 kB
2015/11/16 4:59 PM
apache-commons-collections-in-JBDS7,8,9,10_refs7.png
83 kB
2015/11/16 4:59 PM
apache-commons-collections-in-JBDS7,8,9,10_refs8.png
39 kB
2015/11/16 4:59 PM
apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png
74 kB
2015/11/16 4:59 PM
apache-commons-collections-in-JBDS7,8,9,10_refs9.png
40 kB
2015/11/16 4:59 PM
apache-commons-collections-in-JBDS7,8,9,10.png
56 kB
2015/11/16 4:59 PM
orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt
3 kB
2015/11/18 2:49 PM
orbit.R20150519210750_vs_I20151117200049.log.txt
3 kB
2015/11/18 2:49 PM

relates to

JBIDE-20976 Create and use Neon M4 target platform (was: Versions of 3rd party plugins in JBDS 10 are LESS than in JBDS 9)

Closed

JBIDE-21118 Update 4.60.x TP to m2e 1.7 (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560)

Closed

JBIDE-21119 Update 4.5y.x TP to m2e 1.6.x (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560)

Closed

DEVELOPER-1435 Add JBDS 9.0.0.GA-CVE-2015-7501 to https://www.jboss.org/products/devstudio/

Done

JBDS-3570 Include eap-6.4-CVE-2015-7501 into JBDS installer

Closed

links to

dali exploit

https://bugs.eclipse.org/bugs/show_bug.cgi?id=482130

(2 links to)

Assignee:: Nick Boldt

Reporter:: Nick Boldt

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2015/11/16 4:49 PM

Updated:: 2021/10/24 6:08 AM

Resolved:: 2016/02/24 4:07 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates