Repository: commons-collections Updated Branches: refs/heads/master 8cb8ac837 -> 6bb2ca179
Add release notes for 3.2.2 at the bottom. Project: http://git-wip-us.apache.org/repos/asf/commons-collections/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-collections/commit/6bb2ca17 Tree: http://git-wip-us.apache.org/repos/asf/commons-collections/tree/6bb2ca17 Diff: http://git-wip-us.apache.org/repos/asf/commons-collections/diff/6bb2ca17 Branch: refs/heads/master Commit: 6bb2ca17933a54a757a652cdc60d51e1820cc551 Parents: 8cb8ac8 Author: Gary Gregory <garydgreg...@gmail.com> Authored: Wed Jul 11 16:04:28 2018 -0600 Committer: Gary Gregory <garydgreg...@gmail.com> Committed: Wed Jul 11 16:04:28 2018 -0600 ---------------------------------------------------------------------- RELEASE-NOTES.txt | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-collections/blob/6bb2ca17/RELEASE-NOTES.txt ---------------------------------------------------------------------- diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt index bd9f4b6..c889b11 100644 --- a/RELEASE-NOTES.txt +++ b/RELEASE-NOTES.txt @@ -209,3 +209,77 @@ For complete information on Apache Commons Collections, including instructions o patches, or suggestions for improvement, see the Apache Apache Commons Collections website: http://commons.apache.org/proper/commons-collections/ + +=============================================================================== + + Apache Commons Collections + Version 3.2.2 + RELEASE NOTES + + +INTRODUCTION: + +Commons collections is a project to develop and maintain collection classes +based on and inspired by the JDK collection framework. +This release is JDK1.3 compatible, and does not use JDK1.5 generics. + +This v3.2.2 release is a bugfix release, fixing several bugs present in the previous +releases of the 3.2 branch. Additionally, this release provides a mitigation for a +known remote code exploitation via the standard java object serialization mechanism. +By default, serialization support for unsafe classes in the functor package is +disabled and will result in an exception when either trying to serialize or de-serialize +an instance of these classes. For more details, please refer to COLLECTIONS-580. + +All users are strongly encouraged to updated to this release. + + +Changes in this version include: + +CHANGES +======= + +o COLLECTIONS-580: Serialization support for unsafe classes in the functor package is + disabled by default as this can be exploited for remote code execution + attacks. To re-enable the feature the system property + "org.apache.commons.collections.enableUnsafeSerialization" needs to be + set to "true". + Classes considered to be unsafe are: CloneTransformer, ForClosure, + InstantiateFactory, InstantiateTransformer, InvokerTransformer, + PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure. + +BUGFIXES +======== + +o COLLECTIONS-538: "ExtendedProperties" will now use a privileged action to access the + "file.separator" system property. In case the class does not have + permission to read system properties, the "File#separator" field will + be used instead. Thanks to Trejkaz. +o COLLECTIONS-447: Tree traversal with a TreeListIterator will not be affected anymore by + the removal of an element directly after a call to previous(). Thanks to Jeffrey Barnes. +o COLLECTIONS-444: SetUniqueList.set(int, Object) now works correctly if the object to be inserted + is already placed at the given position. Thanks to Thomas Vahrst, John Vasileff. +o COLLECTIONS-350: Removed debug output in "MapUtils#getNumber(Map)". Thanks to Michael Akerman. +o COLLECTIONS-335: Fixed cache assignment for "TreeBidiMap#entrySet". Thanks to sebb. +o COLLECTIONS-334: Synchronized access to lock in "StaticBucketMap#size()". Thanks to sebb. +o COLLECTIONS-307: "SetUniqueList#subList()#contains(Object)" will now correctly check the subList + rather than the parent list. Thanks to Christian Semrau. +o COLLECTIONS-304: "SetUniqueList#set(int, Object)" will now correctly enforce the uniqueness constraint. + Thanks to Rafa? Figas,Bjorn Townsend. +o COLLECTIONS-294: "CaseInsensitiveMap" will now convert input strings to lower-case in a + locale-independent manner. Thanks to Benjamin Bentmann. +o COLLECTIONS-266: "MultiKey" will now be correctly serialized/de-serialized. Thanks to Joerg Schaible. +o COLLECTIONS-261: "Flat3Map#remove(Object)" will now return the correct value mapped to the removed key + if the size of the map is less or equal 3. Thanks to ori. +o COLLECTIONS-249: "SetUniqueList.addAll(int, Collection)" now correctly add the collection at the + provided index. Thanks to Joe Kelly. +o COLLECTIONS-228: "MultiValueMap#put(Object, Object)" and "MultiValueMap#putAll(Object, Collection)" + now correctly return if the map has changed by this operation. +o COLLECTIONS-219: "CollectionUtils#removeAll" wrongly called "ListUtils#retainAll". Thanks to Tom Leccese. +o COLLECTIONS-217: Calling "setValue(Object)" on any Entry returned by a "Flat3Map" will now + correctly set the value for the current entry. Thanks to Matt Bishop. + + +For complete information on Apache Commons Collections, including instructions on how to submit bug reports, +patches, or suggestions for improvement, see the Apache Commons Collections website: + +http://commons.apache.org/collections/
