Re: [m2e-users] Vulnerability problem found in M2E

Hello Community.
 
Throwing this question on the table again. Will this problem be fixed by the m2e team?
 
Thanks
 
Regards
 

 
Victor Adrian Sosa Herrera  
Software Engineer - Rational Application Developer  2200 Camino A El Castillo
IBM Master Innovator  El Salto, 45680
Mexico Software Lab  Mexico
C120  
Q2  
Phone: +52-33-3669-7000 x3344   
Mobile: +52-1-33-1529-6494   
e-mail: victorsh@xxxxxxxxxxx   
 
----- Original message -----
From: Victor Adrian Sosa Herrera/Mexico/IBM
To: m2e-users@xxxxxxxxxxx
Cc:
Subject: Vulnerability problem found in M2E
Date: Mon, Nov 16, 2015 1:39 PM
 
Hello community.
 
In the past weeks, a security vulnerability was found in the Apache Commons Collections library, particularly in versions 3.x and 4.x. You can see details here:
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
 
The fix is on its way and tracked under this JIRA
 
Now, I've been digging into this a little bit and found that one M2E plugin is bundling this commons-collections.jar archive, at least on Eclipse Luna. Doing a quick search in the Eclipse installation, I found this:
org.eclipse.m2e.archetype.common_1.5.0.20140605-2032/commons-collections-3.2.jar
 
Do you have any plans to patch this plugin with the updated library (once available)?
 
Regards
 

 


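The quick search described in the original message, as an added example (not part of the thread and not m2e's own code): a Python script that walks an Eclipse installation and lists every bundled commons-collections jar, including copies nested inside packed plugin jars, so the versions can be compared against the fixed release once it is available. It assumes Maven-style file names such as the `commons-collections-3.2.jar` quoted above; the function names are hypothetical.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Assumption: bundled copies keep Maven-style names, e.g.
# commons-collections-3.2.jar or commons-collections4-4.0.jar
JAR_NAME = re.compile(r"commons-collections(4)?-(\d[\w.-]*)\.jar$")
MAX_DEPTH = 3  # stop descending into jars-within-jars after this many levels


def record(name, location, hits):
    """Append (location, version) when the file name is a commons-collections jar."""
    match = JAR_NAME.search(name)
    if match:
        hits.append((location, match.group(2)))


def scan_archive(source, label, hits, depth=0):
    """Look inside an archive for nested jars; packed plugins bundle libraries this way."""
    try:
        with zipfile.ZipFile(source) as zf:
            for name in zf.namelist():
                if not name.endswith(".jar") or depth >= MAX_DEPTH:
                    continue
                nested = f"{label}!/{name}"
                record(name, nested, hits)
                scan_archive(io.BytesIO(zf.read(name)), nested, hits, depth + 1)
    except zipfile.BadZipFile:
        pass  # file has a .jar name but is not a readable archive; skip it


def find_bundled(root):
    """Return [(location, version)] for every commons-collections jar under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.jar")):
        record(path.name, str(path), hits)   # jar sitting in an unpacked plugin directory
        scan_archive(path, str(path), hits)  # jar nested inside a packed plugin
    return hits


if __name__ == "__main__":
    # Usage: python find_cc.py /path/to/eclipse   (path is supplied by the reader)
    for location, version in find_bundled(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{location}")
```

Nested hits are reported as `outer.jar!/inner.jar`, which identifies the plugin that would need to be repackaged.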