How can I fix the Apache Commons Collection 3.1 Java object de-serialisation vulnerability if I have CA SSO 12.52 SP1?