| Re: [m2e-users] Vulnerability problem found in M2E |
Hello Community.Throwing again this question to the table. Will this problem be fixed by m2e team?ThanksRegards
Victor Adrian Sosa Herrera Software Engineer - Rational Application Developer 2200 Camino A El Castillo IBM Master Innovator El Salto, 45680 Mexico Software Lab Mexico C120 Q2 Phone: +52-33-3669-7000 x3344 Mobile: +52-1-33-1529-6494 e-mail: victorsh@xxxxxxxxxxx DeveloperWorks blog
From: Victor Adrian Sosa Herrera/Mexico/IBM
To: m2e-users@xxxxxxxxxxx
Cc:
Subject: Vulnerability problem found in M2E
Date: Mon, Nov 16, 2015 1:39 PM
Hello community.On the past weeks, a security vulnerability was found in Apache Commons Collections library, particularly on versions 3.x and 4.x. You can see details here
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/The fix is on its way and tracked under this JIRANow, I've been digging this a little bit and found that one M2E plugin is bundling this commons-collections.jar archive, at least on Eclipse Luna. Doing a quick search in the Eclipse installation I found thisorg.eclipse.m2e.archetype.common_1.5.0.20140605-2032/commons-collections-3.2.jarDo you have any plans to patch this plugin with the updated library (once available)?Regards
Victor Adrian Sosa Herrera Software Engineer - Rational Application Developer 2200 Camino A El Castillo IBM Master Innovator El Salto, 45680 Mexico Software Lab Mexico C120 Q2 Phone: +52-33-3669-7000 x3344 Mobile: +52-1-33-1529-6494 e-mail: victorsh@xxxxxxxxxxx DeveloperWorks blog
_______________________________________________
m2e-users mailing list
m2e-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/m2e-users
