I'm wondering how to mitigate this vulnerability (Vulnerability Note VU#576313 - Apache Commons Collections Java library insecurely deserializes data) in the latest release of WF. Can it be done without compiling from source?
Also, I couldn't find a bug report on this in the tracker, but maybe my search fu is just too weak?
There is no direct exposure to the CVE mentioned, as WildFly doesn't provide jmx-invoker anymore.
For more details see https://access.redhat.com/solutions/2045023
The quickest solution would probably be to manually update the commons-collections jar in the org.apache.commons.collections module to version 3.2.2, which has the issue resolved.
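A way to check which module descriptors still reference a commons-collections jar older than 3.2.2, before and after swapping the jar as the reply above suggests. This is an added example, not part of the thread and not WildFly code; the sample directory layout, the `urn:jboss:module:1.3` namespace and the 3.2.1 jar name are constructed for the demonstration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

FIXED = (3, 2, 2)  # version the reply names as having the issue resolved
# Matches commons-collections-<version>; commons-collections4-* does not match.
JAR_RE = re.compile(r"commons-collections-(\d+(?:\.\d+)*)")

def scan_modules(root):
    """Return (module.xml path, jar name, version tuple, needs_update) for each
    commons-collections jar referenced by a module.xml under root."""
    findings = []
    for module_xml in sorted(Path(root).rglob("module.xml")):
        try:
            tree = ET.parse(module_xml)
        except ET.ParseError:
            continue  # skip unreadable descriptors rather than abort the scan
        for elem in tree.iter():
            # Tags are namespaced ({urn:...}resource-root); compare the local name.
            if elem.tag.rsplit("}", 1)[-1] != "resource-root":
                continue
            jar = elem.get("path", "")
            m = JAR_RE.search(jar)
            if not m:
                continue
            # Only the leading numeric part is compared; a vendor suffix after it
            # is ignored, so treat the filename as a first check only.
            version = tuple(int(p) for p in m.group(1).split("."))
            findings.append((str(module_xml), jar, version, version < FIXED))
    return findings

def build_sample(root):
    """Constructed sample layout (assumed, not copied from a real install)."""
    main = Path(root) / "org" / "apache" / "commons" / "collections" / "main"
    main.mkdir(parents=True)
    (main / "module.xml").write_text(
        '<module xmlns="urn:jboss:module:1.3" name="org.apache.commons.collections">\n'
        '  <resources><resource-root path="commons-collections-3.2.1.jar"/></resources>\n'
        '</module>\n')
    return main / "module.xml"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, jar, version, stale in scan_modules(tmp):
            print(("UPDATE " if stale else "ok     ") + jar, "in", path)
```

Point `scan_modules` at the server's modules directory to list every descriptor that needs its `resource-root` path changed along with the jar file.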