Hello Community.
Throwing again this question to the table. Will this problem be fixed by m2e team?
Thanks
Regards
| | |||
| Victor Adrian Sosa Herrera |  | ||
| Software Engineer - Rational Application Developer | 2200 Camino A El Castillo | ||
| IBM Master Innovator | El Salto, 45680 | ||
| Mexico Software Lab | Mexico | ||
| C120 | |||
| Q2 | |||
| Phone: | +52-33-3669-7000 x3344 | ||
| Mobile: | +52-1-33-1529-6494 | ||
| e-mail: | victo...@mx1.ibm.com | ||
| DeveloperWorks blog | |||
| | |||
----- Original message -----
From: Victor Adrian Sosa Herrera/Mexico/IBM
To: m2e-users@eclipse.org
Cc:
Subject: Vulnerability problem found in M2E
Date: Mon, Nov 16, 2015 1:39 PM
Hello community.On the past weeks, a security vulnerability was found in Apache Commons Collections library, particularly on versions 3.x and 4.x. You can see details here
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/The fix is on its way and tracked under this JIRANow, I've been digging this a little bit and found that one M2E plugin is bundling this commons-collections.jar archive, at least on Eclipse Luna. Doing a quick search in the Eclipse installation I found thisorg.eclipse.m2e.archetype.common_1.5.0.20140605-2032/commons-collections-3.2.jarDo you have any plans to patch this plugin with the updated library (once available)?Regards
Victor Adrian Sosa Herrera Software Engineer - Rational Application Developer 2200 Camino A El Castillo IBM Master Innovator El Salto, 45680 Mexico Software Lab Mexico C120 Q2 Phone: +52-33-3669-7000 x3344 Mobile: +52-1-33-1529-6494 e-mail: victo...@mx1.ibm.com DeveloperWorks blog
_______________________________________________ m2e-users mailing list m2e-users@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/m2e-users
