HBASE-14799 Commons-collections object deserialization remote command execution vulnerability

This commit is contained in:
Andrew Purtell 2015-11-23 13:37:19 -08:00
parent 0f3e2e0bfa
commit f553bcf469
1 changed files with 2 additions and 1 deletions

View File

@ -1176,7 +1176,8 @@
<commons-math.version>2.2</commons-math.version> <commons-math.version>2.2</commons-math.version>
<commons-net.version>3.1</commons-net.version> <commons-net.version>3.1</commons-net.version>
<disruptor.version>3.3.0</disruptor.version> <disruptor.version>3.3.0</disruptor.version>
<collections.version>3.2.1</collections.version> <!-- Do not use versions earlier than 3.2.2 due to a security vulnerability -->
<collections.version>3.2.2</collections.version>
<httpclient.version>3.1</httpclient.version> <httpclient.version>3.1</httpclient.version>
<metrics-core.version>2.2.0</metrics-core.version> <metrics-core.version>2.2.0</metrics-core.version>
<guava.version>12.0.1</guava.version> <guava.version>12.0.1</guava.version>