We are looking at collections4 as a possibility, but haven't determined if we can upgrade yet.
The main issue is COLLECTIONS-701which is flagged by security scanners: ``` The framework Apache Commons Collections before 4.3 is vulnerable to Stack Overflow. The function add() in the file list/SetUniqueList.java throws a StackOverflowError when the add() method is called with its own list. ``` Thanks On 2025/02/12 15:08:19 sebb wrote: > On Wed, 12 Feb 2025 at 14:53, Volodymyr Siedlecki <volos...@apache.org> wrote: > > > > Hello, > > > > I don't see it explicitly on the commons website, but is 3.2.2 end of Life? > > I'm assuming so (as there are no releases in 10 years), but I would like to > > double check? > > Collections3 is no longer advertised on the download page. > > All development is now happening in collections4 (and has been for many > years). > > > I ask since my team would like to backport a few fixes if there's any > > possibility for a 3.2.3 release. > > I think that is extremely unlikely. > > Have you had a look at collections4? > > > Thanks! > > > > Volodymyr > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
