2015-11-09 17:02:29 -05:00
|
|
|
Apache Commons Collections
|
|
|
|
Version 3.2.2
|
|
|
|
RELEASE NOTES
|
|
|
|
|
|
|
|
|
|
|
|
INTRODUCTION:
|
|
|
|
|
|
|
|
Commons collections is a project to develop and maintain collection classes
|
|
|
|
based on and inspired by the JDK collection framework.
|
|
|
|
This release is JDK1.3 compatible, and does not use JDK1.5 generics.
|
|
|
|
|
|
|
|
This v3.2.2 release is a bugfix release, fixing several bugs present in the previous
|
|
|
|
releases of the 3.2 branch. Additionally, this release provides a mitigation for a
|
|
|
|
known remote code exploitation via the standard java object serialization mechanism.
|
2015-11-11 09:29:18 -05:00
|
|
|
By default, serialization support for unsafe classes in the functor package is
|
|
|
|
disabled and will result in an exception when either trying to serialize or de-serialize
|
|
|
|
an instance of these classes. For more details, please refer to COLLECTIONS-580.
|
2015-11-09 17:02:29 -05:00
|
|
|
|
|
|
|
All users are strongly encouraged to updated to this release.
|
|
|
|
|
|
|
|
|
|
|
|
Changes in this version include:
|
|
|
|
|
|
|
|
CHANGES
|
|
|
|
=======
|
|
|
|
|
2015-11-11 09:29:18 -05:00
|
|
|
o COLLECTIONS-580: Serialization support for unsafe classes in the functor package is
|
|
|
|
disabled by default as this can be exploited for remote code execution
|
|
|
|
attacks. To re-enable the feature the system property
|
|
|
|
"org.apache.commons.collections.enableUnsafeSerialization" needs to be
|
|
|
|
set to "true".
|
|
|
|
Classes considered to be unsafe are: CloneTransformer, ForClosure,
|
|
|
|
InstantiateFactory, InstantiateTransformer, InvokerTransformer,
|
|
|
|
PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure.
|
2015-11-09 17:02:29 -05:00
|
|
|
|
|
|
|
BUGFIXES
|
|
|
|
========
|
|
|
|
|
|
|
|
o COLLECTIONS-538: "ExtendedProperties" will now use a privileged action to access the
|
|
|
|
"file.separator" system property. In case the class does not have
|
|
|
|
permission to read system properties, the "File#separator" field will
|
|
|
|
be used instead. Thanks to Trejkaz.
|
|
|
|
o COLLECTIONS-447: Tree traversal with a TreeListIterator will not be affected anymore by
|
|
|
|
the removal of an element directly after a call to previous(). Thanks to Jeffrey Barnes.
|
|
|
|
o COLLECTIONS-444: SetUniqueList.set(int, Object) now works correctly if the object to be inserted
|
|
|
|
is already placed at the given position. Thanks to Thomas Vahrst, John Vasileff.
|
|
|
|
o COLLECTIONS-350: Removed debug output in "MapUtils#getNumber(Map)". Thanks to Michael Akerman.
|
|
|
|
o COLLECTIONS-335: Fixed cache assignment for "TreeBidiMap#entrySet". Thanks to sebb.
|
|
|
|
o COLLECTIONS-334: Synchronized access to lock in "StaticBucketMap#size()". Thanks to sebb.
|
|
|
|
o COLLECTIONS-307: "SetUniqueList#subList()#contains(Object)" will now correctly check the subList
|
|
|
|
rather than the parent list. Thanks to Christian Semrau.
|
|
|
|
o COLLECTIONS-304: "SetUniqueList#set(int, Object)" will now correctly enforce the uniqueness constraint.
|
|
|
|
Thanks to Rafa? Figas,Bjorn Townsend.
|
|
|
|
o COLLECTIONS-294: "CaseInsensitiveMap" will now convert input strings to lower-case in a
|
|
|
|
locale-independent manner. Thanks to Benjamin Bentmann.
|
|
|
|
o COLLECTIONS-266: "MultiKey" will now be correctly serialized/de-serialized. Thanks to Joerg Schaible.
|
|
|
|
o COLLECTIONS-261: "Flat3Map#remove(Object)" will now return the correct value mapped to the removed key
|
|
|
|
if the size of the map is less or equal 3. Thanks to ori.
|
|
|
|
o COLLECTIONS-249: "SetUniqueList.addAll(int, Collection)" now correctly add the collection at the
|
|
|
|
provided index. Thanks to Joe Kelly.
|
|
|
|
o COLLECTIONS-228: "MultiValueMap#put(Object, Object)" and "MultiValueMap#putAll(Object, Collection)"
|
|
|
|
now correctly return if the map has changed by this operation.
|
|
|
|
o COLLECTIONS-219: "CollectionUtils#removeAll" wrongly called "ListUtils#retainAll". Thanks to Tom Leccese.
|
|
|
|
o COLLECTIONS-217: Calling "setValue(Object)" on any Entry returned by a "Flat3Map" will now
|
|
|
|
correctly set the value for the current entry. Thanks to Matt Bishop.
|
|
|
|
|
|
|
|
|
|
|
|
For complete information on Apache Commons Collections, including instructions on how to submit bug reports,
|
|
|
|
patches, or suggestions for improvement, see the Apache Commons Collections website:
|
|
|
|
|
|
|
|
http://commons.apache.org/collections/
|