Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

  • Replace commons-collections-3.2.1.jar in Smartclient 10.0

    Hello,

    Since there are some security vulnerabilities reported for commons-collections-3.2.1.jar, we are looking to upgrade it to commons-collections-3.2.2.jar in smartclient 10.0 that we use in our application. Could you please let me know if this is ok to do. I understand that the new smartclient version uses commons-collections-3.2.2.jar, as the upgrade is planned later, wanted to check if we can just replace the jar for now.

  • #2
    You're not vulnerable to that problem unless you're own application code uses Java serialization in the particular way mentioned in the vulnerability report, as the SmartClient framework does not do so. But if you feel like upgrading anyway, the .jar is backwards compatible.

    Comment


    • #3
      Thanks for your prompt response. This helps.

      Comment

      Working...
      X