On Wed, 12 Feb 2025 at 15:22, Volodymyr Siedlecki <volos...@apache.org> wrote:
>
> We are looking at collections4 as a possibility, but haven't determined if we 
> can upgrade yet.
>
> The main issue is COLLECTIONS-701, which is flagged by security scanners:
>
> ```
> The framework Apache Commons Collections before 4.3 is vulnerable to Stack 
> Overflow. The function add() in the file list/SetUniqueList.java throws a 
> StackOverflowError when the add() method is called with its own list.
> ```

The current release is 4.5.0-M3, i.e. later than 4.3.

>
> Thanks
>
> On 2025/02/12 15:08:19 sebb wrote:
> > On Wed, 12 Feb 2025 at 14:53, Volodymyr Siedlecki <volos...@apache.org> wrote:
> > >
> > > Hello,
> > >
> > > I don't see it explicitly on the commons website, but is 3.2.2 end of life?
> > > I'm assuming so (as there are no releases in 10 years), but I would like to
> > > double check?
> >
> > Collections3 is no longer advertised on the download page.
> >
> > All development is now happening in collections4 (and has been for many years).
> >
> > > I ask since my team would like to backport a few fixes if there's any
> > > possibility for a 3.2.3 release.
> >
> > I think that is extremely unlikely.
> >
> > Have you had a look at collections4?
> >
> > > Thanks!
> > >
> > > Volodymyr
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > For additional commands, e-mail: dev-h...@commons.apache.org
> >
> >
>
