history.xml is missing version 3.2.2. git-svn-id: https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X@1714253 13f79535-47bb-0310-9956-ffa450edef68
Project: http://git-wip-us.apache.org/repos/asf/commons-collections/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-collections/commit/ad0f9faf Tree: http://git-wip-us.apache.org/repos/asf/commons-collections/tree/ad0f9faf Diff: http://git-wip-us.apache.org/repos/asf/commons-collections/diff/ad0f9faf Branch: refs/heads/COLLECTIONS_3_2_X Commit: ad0f9faf5e2ad4913c205ffd2db274dcd5baacaa Parents: 6a3dbcd Author: Gary D. Gregory <ggreg...@apache.org> Authored: Fri Nov 13 18:55:07 2015 +0000 Committer: Gary D. Gregory <ggreg...@apache.org> Committed: Fri Nov 13 18:55:07 2015 +0000 ---------------------------------------------------------------------- xdocs/history.xml | 8 ++++++++ 1 file changed, 8 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-collections/blob/ad0f9faf/xdocs/history.xml ---------------------------------------------------------------------- diff --git a/xdocs/history.xml b/xdocs/history.xml index 262f623..cf9d6ec 100644 --- a/xdocs/history.xml +++ b/xdocs/history.xml @@ -104,6 +104,14 @@ Notably MultiValueMap is a new more flexible implementation of MultiHashMap. <b>Collections 3.2.1</b> Re-packaged v3.2 release which is OSGi enabled. </p> +<p> +<b>Collections 3.2.2</b> Serialization support for unsafe classes in the functor package is disabled by default as +this can be exploited for remote code execution attacks. To re-enable the feature the system property +"org.apache.commons.collections.enableUnsafeSerialization" needs to be set to "true". Classes considered to be +unsafe are: CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, InvokerTransformer, +PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure. Fixes COLLECTIONS-580. Other bug fixes as well. +</p> + </section> </body>
