Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 4.4.0.Alpha2
Affects Version/s: 4.4.0.Alpha1
Component/s: maven, target-platform, upstream
Labels:
None

Sprint:
devex #114 May 2016
Story Points:
2

Fred said:

So the m2e archetype feature also embeds a version of vulnerable commons-collections, that we need to fix upstream (even though it's not really vulnerable, just makes people cringy) – ~~JBDS-3560~~

So, we need a new version of m2e 1.7 (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / ~~JBDS-3560~~) and we can then mirror it and update the 4.60.x TPs.

is cloned by

JBIDE-21119 Update 4.5y.x TP to m2e 1.6.x (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560)

Closed

is related to

JBDS-3560 Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Closed

relates to

JBIDE-21106 Update to m2e 1.7 and m2e-wtp 1.3

Closed

Assignee:: Nick Boldt

Reporter:: Nick Boldt

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2015/11/20 3:46 PM

Updated:: 2021/10/24 6:47 AM

Resolved:: 2016/05/10 4:52 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates