commons-collections-3.2.1.jar

Answered

Permanently deleted user

Created April 18, 2016 16:12

I am running TeamCity 9.1.6. Our internal security scan flagged commons-collections-3.2.1.jar as security risk (something to do with a deserialization vulerability) and are asking me to update the file to commons-collections-3.2.2.jar.

I have a limited knowledge of Java - can I just replace the file?

Or do you have a patch?

Thanks

Jay Turpin

Intel Corporation

1 comment

Alina Mishina

Created April 20, 2016 12:49

Hello Jay,

We consider TeamCity to be not affected by this vulnerability. Please watch the comments to the issue https://youtrack.jetbrains.com/issue/TW-43096 for more details.

Please sign in to leave a comment.