author: Googler <noreply@google.com> 2016-03-04 00:49:24 +0000
committer: Damien Martin-Guillerez <dmarting@google.com> 2016-03-04 12:19:48 +0000
commit: ba05c372f582f29d1d0494a34bde694c1ddc5b77
tree: 6bdfed565439868fc1f86541013ea487ddce5d5d /site/docs/tutorial
parent: 2de7a886910a767fdd0b4612f85877dc288745dc
Upgrade Apache Commons Collections to v3.2.2
Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a Turing machine. A Turing machine with an exec() function!

https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

-- MOS_MIGRATED_REVID=116309858
Diffstat (limited to 'site/docs/tutorial')
-rw-r--r-- site/docs/tutorial/backend-server.md | 5
1 files changed, 0 insertions, 5 deletions
diff --git a/site/docs/tutorial/backend-server.md b/site/docs/tutorial/backend-server.md
index d49f6b941c..542db5d923 100644
--- a/site/docs/tutorial/backend-server.md
+++ b/site/docs/tutorial/backend-server.md
@@ -125,11 +125,6 @@ maven_jar(
)
maven_jar(
- name = "org_apache_commons_collections",
- artifact = "commons-collections:commons-collections:3.2.1",
-)
-
-maven_jar(
name = "javax_servlet_api",
artifact = "javax.servlet:servlet-api:2.5",
)