Release notes for version 3.2.2Commons collections is a project to develop and maintain collection classes based on and inspired by the JDK collection framework. This project is Java 1.3 compatible, and does not use Java 5 generics. This 3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for unsafe classes in the functor package is disabled and will result in an exception when either trying to serialize or de-serialize an instance of these classes. For more details, please refer to COLLECTIONS-580. All users are strongly encouraged to update to this release. CompatibilityThis release is fully source and binary compatible with 3.2. For changes since the 3.1 release see the 3.2 Release Notes. Note that the method 'protected java.util.Set createSetBasedOnList(java.util.Set, java.util.List)' has been added. Security Changes
For a full list of changes in this release, refer to the Change report. |