[LPE-14653] Patch for Groovy to 1.7.5 and upgrade Commons Collections to 3.2.2 - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 6.0 EE (6.0.10), 6.0 EE SP1 (6.0.11), 6.0 EE SP2 (6.0.12), 6.1 EE GA1 (6.1.10), 6.1 EE GA2 (6.1.20), 6.1 EE GA3 (6.1.30), 6.2 EE GA1 (6.2.10)
Fix Version/s: 6.0.X EE, 6.1.X EE, 6.2.X EE
Component/s: Core Infrastructure, Security Vulnerability
Labels:

Fix Pack Status:
Waiting for Decision
Business Value:
5

Description

The following third-party libraries have been upgraded:

commons-collections.jar 3.2.1 has been upgrade to 3.2.2
groovy.jar* 1.7.5 has been upgrade to 1.7.5-patched-GROOVY-7504 for CVE-2015-3253

*For 6.0 EE (6.0.10), the old version was 1.7.0.

External references:
https://issues.apache.org/jira/browse/COLLECTIONS-580
https://issues.apache.org/jira/browse/GROOVY-7504

See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-184

Attachments

Activity

People

Assignee:: Michael Prigge

Reporter:: Tibor Lipusz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Jan/16 3:04 AM

Updated:: 27/Dec/22 11:22 AM

Resolved:: 28/Nov/16 11:45 AM

Packages

Version	Package
6.0.X EE
6.1.X EE
6.2.X EE