Author: tn
Date: Wed Nov 11 16:06:45 2015
New Revision: 11147

Log:
Creating distribution files for Commons Collections 3.2.2 based on RC2.

Modified: dev/commons/collections/RELEASE-NOTES.txt dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.asc dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.md5 dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.sha1 dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.asc dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.md5 dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.sha1 dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.asc dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.md5 dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.sha1 dev/commons/collections/source/commons-collections-3.2.2-src.zip dev/commons/collections/source/commons-collections-3.2.2-src.zip.asc dev/commons/collections/source/commons-collections-3.2.2-src.zip.md5 dev/commons/collections/source/commons-collections-3.2.2-src.zip.sha1 Modified: dev/commons/collections/RELEASE-NOTES.txt ============================================================================== --- dev/commons/collections/RELEASE-NOTES.txt (original) +++ dev/commons/collections/RELEASE-NOTES.txt Wed Nov 11 16:06:45 2015 
@@ -12,8 +12,9 @@ This release is JDK1.3 compatible, and d This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. -By default, de-serialization of "InvokerTransformer" instances is prohibited and -will result in an exception. For more details, please refer to COLLECTIONS-580. +By default, serialization support for unsafe classes in the functor package is +disabled and will result in an exception when either trying to serialize or de-serialize +an instance of these classes. For more details, please refer to COLLECTIONS-580. All users are strongly encouraged to updated to this release. 
@@ -23,11 +24,14 @@ Changes in this version include: CHANGES ======= -o COLLECTIONS-580: De-serialization of "InvokerTransformer" is disabled by default as this - can be exploited for remote code execution attacks. To re-enable the - feature the system property - "org.apache.commons.collections.invokertransformer.enableDeserialization" - needs to be set to "true". +o COLLECTIONS-580: Serialization support for unsafe classes in the functor package is + disabled by default as this can be exploited for remote code execution + attacks. To re-enable the feature the system property + "org.apache.commons.collections.enableUnsafeSerialization" needs to be + set to "true". + Classes considered to be unsafe are: CloneTransformer, ForClosure, + InstantiateFactory, InstantiateTransformer, InvokerTransformer, + PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure. BUGFIXES ======== Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz ============================================================================== Binary files - no diff available. Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.asc ============================================================================== --- dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.asc (original) +++ dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.asc Wed Nov 11 16:06:45 2015 
@@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQIcBAABAgAGBQJWQRizAAoJEKQfE8mZlFKTGaIP/jl6U0JmcBV/z2/ZVq7/UYOz -/b+KRvy+b7T1fp9slQrj/dFMA9bM6l3EnbpYisvjyXBZBgOiHKjlz2HR7uefSAae -cpV//Gy09UrYGoPuvkDnbwl5FOzXPeTozoLq6F0CCASg7mbUYPNjjw69zxwb7qsD -nKq+iLV0/WOTaNdBGcsyu5/0DhLBI3f2aW4DgMZjWWgQs6elr+Xy1e5r6xh3SNzy -i9FEgBsxFfWZ6JJ637xOMbIK3Erk5FkGe2F0yvjznZ7i3Y3HfQ/EeXaY4h8VUIUK -Fjqpj26xXdEtGLUCQ6BM+yzyfNay1pAbOZAaFnRtdZ7NEZpOPutPdIIxb/su9H9f -Mzqaa+yMx+65dfSJEfciSD7ZXEGTxMV31kFbIa56HgN7jzKj4fklXXaTLjVOgZYz -nLuaSRgCbFXZAHU5+gDNHNnwZBCDuoalYXxYd4NdKITtpzLusHMvOCD1RC2vd7QK -jETP6unofLe+1444SD7Ww+1vi4qahqwqoxlvJ2GGBmCEvFq1Z9adYM+MlGjrH1yq -Z/eePR/SMWZOOAQGFnx0SZ/rWtDvVn4TZldLkNJkTFcn3KyaOU/3eV4Ls0dB7K1Y -aa0/BV7cganBp8dBbpTcX3qnh9MeH3ANg/L2i3Zy3GboAF4/+veE+xdDcQftX4J3 -7q0PVndkgB33byfM2gYH -=loKt +iQIcBAABAgAGBQJWQ2NDAAoJEKQfE8mZlFKTQ4AQAI79ewAXeH7vwfKUJMTnXXD2 +TVlGyM8lEjwx4b2QQEO72SVHCQf0YWhVKVDK7rF+quKVGSwAm8zGYccpESgkR/Q3 +IZJMk10MSUzI3v+ndTazC2ocTa5Q7vulBCB/6fztsUDIUbRqiWaEi8CD6eIIbkEI +X6sp+wJj6ZGo2YB5ZM2t4VH6e3uqlLZBXhnhD/h80nG3D6LAXyDj9xWnZfZs6LAG +IPSIn9ZZUHkC8V1HMm+MZivrxenFEGB2CpP8KAOQFmRGpOAELO3cyoPkLDhMFSQH +31eGiQCULnUq038QpE9UWDBe8ldOinilIZi26xw3aUE5hFfaB60L5iYW8/5vReSm +YxgW4u6lPVfP7C+BfCCgN8BQIiznDW+ySs12I8wUhSWay1j72zU6p6CrgGhbKcuT +AfDSXROHkUeiv6pQMR9wFrvK4D60xvjgqXUnisvfh81xjG/U24gJzbtIyZH2ZGv1 +3wZhNeOBOvxPSfoEYihDvrC/PcbAA4ItxAka002LRe2eMgbRMzpyv1ihbqnWS63Q +hLh6XYnmpxLXN0LO7IyrVmBA9chS1TBDWtK0//+dZGf9F03gFO9wwTjxdOZAswG+ +MwFuaU8W1fil8+UWhgJMNyhEWIWkubJXofWi5xaCVN8+O568wwO5GqlYkrAATmZ0 ++zpIv6xPBbqrkgsyYNqb +=91g6 -----END PGP SIGNATURE----- Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.md5 ============================================================================== --- dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.md5 (original) +++ dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.md5 Wed Nov 11 16:06:45 2015 
@@ -1 +1 @@ -4b75ce88a5d3f4ecf7f312715e717ea8 \ No newline at end of file +da619f64854e44b650d94ed30a144894 \ No newline at end of file Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.sha1 ============================================================================== --- dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.sha1 (original) +++ dev/commons/collections/binaries/commons-collections-3.2.2-bin.tar.gz.sha1 Wed Nov 11 16:06:45 2015 @@ -1 +1 @@ -58a203acc07446e43fb0ea431bf5e37c67069a9d \ No newline at end of file +4ed4321768e04e83981bef02d0abee0fb4d8355f \ No newline at end of file Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip ============================================================================== Binary files - no diff available. Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.asc ============================================================================== --- dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.asc (original) +++ dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.asc Wed Nov 11 16:06:45 2015 
@@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQIcBAABAgAGBQJWQRizAAoJEKQfE8mZlFKTghEP/ih3E1lTt14G7+6kR+vhg5Mr -XBOV1zB2foysCcfqUrpFxlROGDTzGSFIFn5O1eDsUOX+X/vjDKFGNZIkKHbCrWk9 -dUKzYit76wxROC7dWMeazDvUu1+37B+Wo5FajQcEynyqxflZZIl2noMR3pVBEvOh -L44E6lmoqX3prhNnglTjNVbHZRFMxFV6oY52hMAUtxdLrPiSJCCIv747HyOxlF7n -ZMiR00a8qtSpo9QeWkPgcmxeWJPVl0VRiD1peT9cjLxnb3Vkey6znOIL+tV2LS30 -APgtYldh60ViFhtZ8fnWc6gD3hpayFSHJPqvZwpiCAND8fZ6k9SywFSeEZx0EzP3 -iCicWUfhJNf0Oag3NEmkMi8k6SNVNSpe/JpNT2a+4spUOIuL2lcFkRjKm+h4N+Il -VURuB5Jooccw593vIWIjGxgOTmT/jnSn0QOpguNWZj6UElxr8egfdIIy2NLsm/GQ -udcl+HjwTSIWz5A8FKocbhvUpJ8ycr+fydkKhbCt3YA4o5/dxLRSHwnV9WZt1S2X -L5GDiq6IHHTj7v/4BmlzjrOC9+GwoAx0HB1E9v+IfgJPUmj9BU7D/AunWOP070zR -bbhd+eTFFHpP5js6cTRmaywuxReMsfrDoqB7ODWOVF1v1wXnBmBUxRiUojRQGUxl -Ph+/Jd/yEDsuv31tK5gI -=V3cn +iQIcBAABAgAGBQJWQ2NEAAoJEKQfE8mZlFKTF68P/373nraU0D787Rz/4lX0MTG1 +Da+Lfshy2Z1+ByjVR2OYujIpzzrtg4MRPZtGhG6TXeRrKw8lpYRS+NO7W+eHBDKx +921P3dPWRHOABCgk9TKw/C+y6D1X6smbQX1Au4ZShZXRqBAeseO9FB00lAOwUFAM ++BGeG8utyH6LDTenEoMUUJvEbFadj2buIazss6gD28FSLMZZfNs2foTPT6Lkz847 +OpR3exiIoAwHUjnF2pnzl6zJ0RBvZH34hpT6gdLeXs+XeDSpOBqB9Iy0fBy9vF7l +S+85q91CCBmR5qujzxe/x5TdoEuARCXdS1qfhr7HxswZQoRGrlt0/0ZZwf2sISVV +IwI3OXxXWctTgZktNy9OwAPOrtzMbYqIOEya1SiPNjaDsMaTQRuS3THwB2MFUk+O +GR2GejrTB3V+G0RVoawFzgk8zQilTptl7RhXCN7tmTMSNsDbx2c0I0rF+NM8yij7 +XEP8WszX9YbxXDEsVomFzSNfmxIdMs5aEZzwAvQQNSLuCs7b1fMbcG4krpU8seBa +s4ONR5tmoHc+4mbmSuYdaqprQNwrJwo+zoi+IoI0E5PF8ac7nHWp+TegCGhS3GjK +SNh0k1M0GJZB2WF61AXYdOv/VYdgiaSFhI0GyRQXoYM5ZEFjhg1APrzGIiTlqfUv +GXGymcmSoibbNw8NhU8S +=mooa -----END PGP SIGNATURE----- Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.md5 ============================================================================== --- dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.md5 (original) +++ dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.md5 Wed Nov 11 16:06:45 2015 
@@ -1 +1 @@ -9dbe61423b79c36c7083dc1e32d9aeef \ No newline at end of file +e619dbb1dfd0d433b8adf3e351c0c7c9 \ No newline at end of file Modified: dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.sha1 ============================================================================== --- dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.sha1 (original) +++ dev/commons/collections/binaries/commons-collections-3.2.2-bin.zip.sha1 Wed Nov 11 16:06:45 2015 @@ -1 +1 @@ -e83a3089baa5b14d499cb8f22024e910abd16fdd \ No newline at end of file +1b00c54b6e562879cc5d289a6c407c3f21b8fc31 \ No newline at end of file Modified: dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz ============================================================================== Binary files - no diff available. Modified: dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.asc ============================================================================== --- dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.asc (original) +++ dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.asc Wed Nov 11 16:06:45 2015 
@@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQIcBAABAgAGBQJWQRizAAoJEKQfE8mZlFKT76IQAJapLBnbm595fvCajHjL+eQN -PO3W7zu7m0cBNQZ9DejyNYAVDY4AA5yltlIUe30lG/9Wael96K19Bdit2/2teYus -c93iAk2kNrE2kSRrIL7TecB7ypirh0+yWZtKj8IxweMkf2t38hCYB6xNwG62zXO2 -aNTrPUrdqfk6Xzxz67SuP28m8CfoF+LySpFbKDFUcGsVjmssbSrc6vBOF/jNzlOW -xQLLN4hTVLtw675reP7NKhNVNuFMejUgDX11YysJbxA42YqtuE6gFh2uL8ax/rm1 -Ksn63DaP7fDVJvvOQslbO/scHfhdf2bzQ+oRi8gJlX9K97fltTmOpinOXKp45sPG -7IRyo1dJBrAmjaTBVwtR29ZUWdSs+ylMxIhQEUGP+I2RRLxMEnT+6SR64YD/Q8Bb -JxClrzYXHBI107wtdwxAxxnEloqS9VNCjusJXYB63CME5ji6+g2pBT615WtIuV8l -wZWWcxbMCBHcXv1cSe1a5xa4Fd75X09ycRrVimzuZ0f6er+H63DCxqCHUou9WaAe -yH+4/gLn5ve/6a0bh5XUW2mlJJ5IOslCNXxciVuLoW5R1gcQ+hUmeqlHVebh98KH -S1OzllpEVN9LaHRqwmo5Q3nXFGEkuJRHOSX49a/Bq1gY1pDkd9bxJuaVV/QyvYSJ -taF0BUU9MbMGvl1tLk9C -=1U1P +iQIcBAABAgAGBQJWQ2NEAAoJEKQfE8mZlFKTloEP/1EKW4Ah8VgBXufDSXWlNnbS ++KnjcbWvvfggaRSe/XbaBGNzuqX/ttckxmjpx1G+wyye3uDOmgFf2QHbzX6CDlvd +8H/E2P55wAhBeC4qmUyc+/hyyrOOsA45x67wEHuIOydw8hL0YI9gCR/LWvTG8qCz +TcE5b8UGhrA6RzvPh4+BdsN57r9OJsS23okvv1ssi30lqBVotXKRwx3cnx4np5QZ +pKe4sCSHk0C1ehKllfud0KT6zJ0tOG+qPKnw7xFt/ELK5opGIND/1VCuoLf2AZK1 +FQTotP/PuQnyw8rBdGw3Y9svNp9SSI4jLp2gM485G9nQNy8JTzCIQT2EqAU0ialH +CXjiSDbPa1pwIAQQt+i/T9oFbMBrsiMRjWQrQWWWG6YUYviEhseI0Kvh43Cp/8vn +wCvPIYw3N1hJVnsgJSzx5vDPkxHpOhlko1zSH0m2jGWKo07oBRKyz6sOg4+rUV4O +EfR08NRO65+bBJ90gWrixLgR88U+eM6+tINGqF+k0wAZCKIR+Z4JNngR5S00urQB +2R7bNoIl4emBgOnn+zcrlnQ12ols07xBnTpsaEnkY/x9n14g1Hg8KU1HbZ9sHYAN +Rv4OGcZK1/EvZjUn6fhRNHadjYrQNnj4vcKCHw8WwCQ2rS2Mk69cXBStcMsO3K8K +DUXzNabtBJYWGlkrj8Mw +=uxQ0 -----END PGP SIGNATURE----- Modified: dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.md5 ============================================================================== --- dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.md5 (original) +++ dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.md5 Wed Nov 11 16:06:45 2015 
@@ -1 +1 @@ -576463c37a2986103f58f2df85f15582 \ No newline at end of file +a32ee651d654ea2c04004a5ada0aa1ab \ No newline at end of file Modified: dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.sha1 ============================================================================== --- dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.sha1 (original) +++ dev/commons/collections/source/commons-collections-3.2.2-src.tar.gz.sha1 Wed Nov 11 16:06:45 2015 @@ -1 +1 @@ -d10011f4b10139dd4af5037ea8174e65785371f2 \ No newline at end of file +6ffcee546864efeddd207a9f16c65977f8595003 \ No newline at end of file Modified: dev/commons/collections/source/commons-collections-3.2.2-src.zip ============================================================================== Binary files - no diff available. Modified: dev/commons/collections/source/commons-collections-3.2.2-src.zip.asc ============================================================================== --- dev/commons/collections/source/commons-collections-3.2.2-src.zip.asc (original) +++ dev/commons/collections/source/commons-collections-3.2.2-src.zip.asc Wed Nov 11 16:06:45 2015 
@@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQIcBAABAgAGBQJWQRi0AAoJEKQfE8mZlFKTfn0P/irYRUkzJgkbAgUX8Tk1Ak4s -pZge9cF4dEn87Bepq577Li+ANv5zbOnF3Jdm/E/F/SK2hzkQ9cTvv9Qbc30PIEOO -L/C7e7XNTiSU79ygAjvBl0q/EAzMBisEubLabatUpJcrFyKHn1gmbdOsJpXl8eae -1+QanwxAbkFERDcRgH08rowzbwjcAQqcJBqVulFczRk7lDd7M2wdPJW+RKaFe8Oy -8W7ZnQfM8DTSAdPEvyxblhXOmuQYsWFJu+iOhxKWbICqnysvIA4YbAA8isOd93Ls -3N0+GAYpUvVr/zVZaAztzv3sJNVGLdRSEkhbRY6uTbRwMMb0ss/VC84nctPaYP3O -7JL0ZskVnckxeBhCwz7YRf2X8PEAjI6aH1kvlwejixVyxxtLbFRMo2ROFBk8ZUzw -ox/kkmA9n7XR0zLdQUGd9sT4+jP4zYZC52B97eWeHAsKjqYSgWBmUg8kpr7/xmiF -HDWb7LppdMkg0Kqdhyf/WwqN0N67fLUwXgl86w6wlYHqbgLa6JCdu5A6JrpoRAzN -UBn6s2+elyYPjETvKjD8ekHksUXQDfrn2D9SL9X/3mQtP4FHH2jpNcy/Jdq5wriy -Z8PnM9X12K2iTqzZQnX6UgGNP/6gYQiuSMYhdQ/hNNA4J/JKKpgnTKIzg5OCXIN5 -Z5bR6ofiG84beOGtKhOe -=R7jQ +iQIcBAABAgAGBQJWQ2NEAAoJEKQfE8mZlFKTZvAP/2WHfmhXzQo374xoYyekIJTj +0RokAi9MWTbzZu/5+n/bpZGqZphvi7wis99eXvhDKQh94WohDdQhGdZ03OZ6Fuaw +Nl62AfOOYzfSy7ZeNXsjyUMVztF+y/Syh94J/wPcNEn7q6ZM1k05wBwA0h2phEg2 +L7FIyonXti75oZBlQe+v+8B5VfdGTDlPSYoG0VPeqnEs/MUEQi0ivdVQMW12nL2b +8a2X/EY0ZF9/gFPGeYCFzSkY4OfDrWwmc8o9ndgaSIu57IvHoqi4MTCM7TnEmfMR +C3BVifYORpcvPMLFCbNoxQvqHsQmifqnMscpeuxLwS1iN0HXe3Ol7ooU2cqo8M1X +hL3+lVoa4Y8Lf1OX7lW2p5ipX58YI8X8veBIT+FgXEp3qxVFYjiu6rI1ycudf7LS +fh2gIYsg3wd8vdy+/pNfYF8xUoBW4KHbX3D3w8q88+KmtDjWLMbLowKSXPHdwZ1l +bcSy7ytAZRrMWbAQPTU0PX5/k8R8F2oa79E5BuvZez2ds8iz5mqGkZ91N4vC31LZ +B90Sl0y0JTTI7I4b92Z2UhYM1DWdZSXaOvC1c3nVSlOWdoLGTd0YPfSAcOpKD1zP +rRhO/xmIjvVg573tfMh9xVd7FSJIhQFSDD/qlrW920qNaomFPwc03ptY5eIwr/Rm +9Fw7c5DHqd5SBofjWOkk +=NAaU -----END PGP SIGNATURE----- Modified: dev/commons/collections/source/commons-collections-3.2.2-src.zip.md5 ============================================================================== --- dev/commons/collections/source/commons-collections-3.2.2-src.zip.md5 (original) +++ dev/commons/collections/source/commons-collections-3.2.2-src.zip.md5 Wed Nov 11 16:06:45 2015 
@@ -1 +1 @@ -fb06cb50d321ec39e338f3f9509db414 \ No newline at end of file +5ab80122ab89a5043e3d41ffda866aba \ No newline at end of file Modified: dev/commons/collections/source/commons-collections-3.2.2-src.zip.sha1 ============================================================================== --- dev/commons/collections/source/commons-collections-3.2.2-src.zip.sha1 (original) +++ dev/commons/collections/source/commons-collections-3.2.2-src.zip.sha1 Wed Nov 11 16:06:45 2015 @@ -1 +1 @@ -5024d3dadab3a96bc8164fc92feb016172e89c7e \ No newline at end of file +eeb4a98f2b0b9fc7db3c8cd47de37fce57219986 \ No newline at end of file
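
Review bot: in the RELEASE-NOTES.txt hunk at @@ -12,8 +12,9 @@, the added sentence makes "serialization support" the grammatical subject of "will result in an exception" and never names the exception type. Suggest rewording so the attempt is the subject ("Attempting to serialize or de-serialize an instance of these classes throws ...") and naming the exception, so operators know what to search for in logs after upgrading. The paragraph also says "unsafe classes in the functor package" without saying which ones; a pointer to the list in the CHANGES entry would close that gap. While this paragraph is being edited, the trailing context line "strongly encouraged to updated to this release" should read "to update".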
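
Review bot: in the CHANGES hunk at @@ -23,11 +24,14 @@, the entry presents "org.apache.commons.collections.enableUnsafeSerialization" as the single switch for all eight listed classes but does not say that a system property applies to the whole JVM. Setting it to "true" therefore re-enables every listed class for every application in that process, not only the one class a deployment may need. Suggest stating that explicitly and recommending the property only where no untrusted data is de-serialized. The entry also replaces the earlier property name "org.apache.commons.collections.invokertransformer.enableDeserialization" without saying whether it is still honoured; one sentence telling anyone who followed the previous text to switch to the new name would avoid confusion.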
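
Review bot: in the .md5 and .sha1 hunks (each @@ -1 +1 @@), every file holds a bare digest with no file name and no trailing newline, so the check mode of md5sum and sha1sum (-c) cannot consume them as published; suggest the "digest, two spaces, file name" form terminated by a newline. MD5 and SHA-1 are also the only digests provided for these artifacts, and neither is collision resistant, so consider adding a SHA-256 or SHA-512 file per artifact and directing users to the .asc signatures as the authoritative integrity check. Because the archives themselves appear only as "Binary files - no diff available", these digests and signatures are the only reviewable record that all four artifacts were rebuilt, which makes their format and strength worth getting right.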