Author: ggregory
Date: Fri Nov 13 18:55:07 2015
New Revision: 1714253

URL: http://svn.apache.org/viewvc?rev=1714253&view=rev
Log:
history.xml is missing version 3.2.2.

Modified: commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml Modified: commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml URL: http://svn.apache.org/viewvc/commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml?rev=1714253&r1=1714252&r2=1714253&view=diff ============================================================================== --- commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml (original) +++ commons/proper/collections/branches/COLLECTIONS_3_2_X/xdocs/history.xml Fri Nov 13 18:55:07 2015 @@ -104,6 +104,14 @@ Notably MultiValueMap is a new more flex <b>Collections 3.2.1</b> Re-packaged v3.2 release which is OSGi enabled. </p> +<p> +<b>Collections 3.2.2</b> Serialization support for unsafe classes in the functor package is disabled by default as +this can be exploited for remote code execution attacks. To re-enable the feature the system property +"org.apache.commons.collections.enableUnsafeSerialization" needs to be set to "true". Classes considered to be +unsafe are: CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, InvokerTransformer, +PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure. Fixes COLLECTIONS-580. Other bug fixes as well. +</p> + </section> </body>
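
Review bot: in the added "Collections 3.2.2" paragraph, the text explains how to turn unsafe serialization back on with "org.apache.commons.collections.enableUnsafeSerialization" but never says that setting it to "true" restores the remote code execution exposure the same sentence describes. Add a sentence restricting the property to deployments where serialized data comes only from trusted sources, and state what a caller observes by default when one of the listed classes is serialized or deserialized. The closing "Other bug fixes as well." gives readers nothing to follow up on; list the issue ids beside COLLECTIONS-580 or point to the release notes. The eight class names would also be easier to match against a classpath or a deserialization filter if the package were written out in full rather than as "the functor package".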