I am running TeamCity 9.1.6. Our internal security scan flagged commons-collections-3.2.1.jar as security risk (something to do with a deserialization vulerability) and are asking me to update the file to commons-collections-3.2.2.jar.

I have a limited knowledge of Java - can I just replace the file? 

Or do you have a patch?


Jay Turpin

Intel Corporation

1 comment

Hello Jay,

We consider TeamCity to be not affected by this vulnerability. Please watch the comments to the issue for more details.


Please sign in to leave a comment.