author: Googler <noreply@google.com> 2016-03-04 00:49:24 +0000
committer: Damien Martin-Guillerez <dmarting@google.com> 2016-03-04 12:19:48 +0000
commit: ba05c372f582f29d1d0494a34bde694c1ddc5b77
tree: 6bdfed565439868fc1f86541013ea487ddce5d5d /tools
parent: 2de7a886910a767fdd0b4612f85877dc288745dc
Upgrade Apache Commons Collections to v3.2.2

Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a Turing machine. A Turing machine with an exec() function!

https://commons.apache.org/proper/commons-collections/security-reports.html
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

--
MOS_MIGRATED_REVID=116309858
Diffstat (limited to 'tools')
-rw-r--r-- tools/build_rules/appengine/appengine.bzl 2
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/build_rules/appengine/appengine.bzl b/tools/build_rules/appengine/appengine.bzl
index 1b2d631e63..441a1ffb78 100644
--- a/tools/build_rules/appengine/appengine.bzl
+++ b/tools/build_rules/appengine/appengine.bzl
@@ -300,5 +300,5 @@ def appengine_repositories():
native.maven_jar(
name = "org_apache_commons_collections",
- artifact = "commons-collections:commons-collections:3.2.1",
+ artifact = "commons-collections:commons-collections:3.2.2",
)
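Review bot: the `native.maven_jar` call for `org_apache_commons_collections` pins only the version in `artifact` and carries no `sha1` attribute, so the jar fetched for 3.2.2 is not integrity-checked. Since this bump exists to close a security hole, consider adding the `sha1` of the 3.2.2 jar next to the `artifact` line so a tampered or substituted download fails the build. A one-line comment above the rule stating that versions below 3.2.2 must not be used would also stop a later edit from quietly reverting the pin.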