Am 12.02.2025 um 16:22 schrieb Volodymyr Siedlecki:
We are looking at collections4 as a possibility, but haven't determined if we
can upgrade yet.
The main issue is COLLECTIONS-701which is flagged by security scanners:
```
The framework Apache Commons Collections before 4.3 is vulnerable to Stack
Overflow. The function add() in the file list/SetUniqueList.java throws a
StackOverflowError when the add() method is called with its own list.
```
Thanks
We had the same question a few months ago (and yes, because an update to
4.x was impossible within the time the security patch was needed).
As there was no interest in patching 3.x "officially", we ended up
forking it (I would need to dig out the git repo where this happened).
Best regards, Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
