SOLR-8269: Upgrade commons-collections to 3.2.2. This fixes a known serialization vulnerability

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1714638 13f79535-47bb-0310-9956-ffa450edef68
2015-11-16 17:35:48 +00:00 · 2015-11-16 17:35:48 +00:00 · efa69bb18e
parent 1c8a34f324
commit efa69bb18e
4 changed files with 4 additions and 2 deletions
--- a/lucene/ivy-versions.properties
+++ b/lucene/ivy-versions.properties
@ -61,7 +61,7 @@ com.sun.jersey.version = 1.9
 /commons-beanutils/commons-beanutils = 1.8.3
 /commons-cli/commons-cli = 1.2
 /commons-codec/commons-codec = 1.10
-/commons-collections/commons-collections = 3.2.1
+/commons-collections/commons-collections = 3.2.2
 /commons-configuration/commons-configuration = 1.6
 /commons-digester/commons-digester = 2.1
 /commons-fileupload/commons-fileupload = 1.2.1
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@ -515,6 +515,8 @@ Other Changes
 * SOLR-8286: Remove instances of solr.hdfs.blockcache.write.enabled from tests
  and docs (Gregory Chanan)

+* SOLR-8269: Upgrade commons-collections to 3.2.2. This fixes a known serialization vulnerability (janhoy)
+
 ==================  5.3.1 ==================

 Bug Fixes
--- a/solr/licenses/commons-collections-3.2.1.jar.sha1
+++ b/solr/licenses/commons-collections-3.2.1.jar.sha1
@ -1 +0,0 @@
-761ea405b9b37ced573d2df0d1e3a4e0f9edc668
--- a/solr/licenses/commons-collections-3.2.2.jar.sha1
+++ b/solr/licenses/commons-collections-3.2.2.jar.sha1
@ -0,0 +1 @@
+8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5