Hello community.
On the past weeks, a security vulnerability was found in Apache Commons Collections library, particularly on versions 3.x and 4.x. You can see details here
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
The fix is on its way and tracked under this JIRA
Now, I've been digging this a little bit and found that one M2E plugin is bundling this commons-collections.jar archive, at least on Eclipse Luna. Doing a quick search in the Eclipse installation I found this
org.eclipse.m2e.archetype.common_1.5.0.20140605-2032/commons-collections-3.2.jar
Do you have any plans to patch this plugin with the updated library (once available)?
Regards
| | |||
| Victor Adrian Sosa Herrera |  | ||
| Software Engineer - Rational Application Developer | 2200 Camino A El Castillo | ||
| IBM Master Innovator | El Salto, 45680 | ||
| Mexico Software Lab | Mexico | ||
| C120 | |||
| Q2 | |||
| Phone: | +52-33-3669-7000 x3344 | ||
| Mobile: | +52-1-33-1529-6494 | ||
| e-mail: | victo...@mx1.ibm.com | ||
| DeveloperWorks blog | |||
| | |||
_______________________________________________ m2e-users mailing list m2e-users@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/m2e-users
