|Re: [m2e-users] Vulnerability problem found in M2E|
----- Original message -----
From: Victor Adrian Sosa Herrera/Mexico/IBM
Subject: Vulnerability problem found in M2E
Date: Mon, Nov 16, 2015 1:39 PM
Hello community.On the past weeks, a security vulnerability was found in Apache Commons Collections library, particularly on versions 3.x and 4.x. You can see details here
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/The fix is on its way and tracked under this JIRANow, I've been digging this a little bit and found that one M2E plugin is bundling this commons-collections.jar archive, at least on Eclipse Luna. Doing a quick search in the Eclipse installation I found thisorg.eclipse.m2e.archetype.common_18.104.22.16840605-2032/commons-collections-3.2.jarDo you have any plans to patch this plugin with the updated library (once available)?
Back to the top