I am running TeamCity 9.1.6. Our internal security scan flagged commons-collections-3.2.1.jar as security risk (something to do with a deserialization vulerability) and are asking me to update the file to commons-collections-3.2.2.jar.

I have a limited knowledge of Java - can I just replace the file? 

Or do you have a patch?


Jay Turpin

Intel Corporation

1 comment
Comment actions Permalink

Hello Jay,

We consider TeamCity to be not affected by this vulnerability. Please watch the comments to the issue for more details.


Please sign in to leave a comment.