Hi This security issue came to my attention: https://issues.apache.org/jira/browse/COLLECTIONS-580
See http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ for more background information. I am not sure if cloudstack is affected, at least we have dependency to this vulnerable lib: $ grep -Rl InvokerTransformer . ./plugins/hypervisors/kvm/target/dependencies/commons-collections-3.2.1.jar ./client/target/cloud-client-ui-4.5.2.war ./client/target/cloud-client-ui-4.5.2/WEB-INF/lib/commons-collections-3.2.1.jar ./usage/target/dependencies/commons-collections-3.2.1.jar ./agent/target/dependencies/commons-collections-3.2.jar ./engine/service/target/engine/WEB-INF/lib/commons-collections-3.2.jar Thanks for clarification. Yours René
