You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Taufiq Hoven (Jira)" <ji...@apache.org> on 2020/12/17 01:48:00 UTC

[jira] [Issue Comment Deleted] (VALIDATOR-390) Upgrade to Commons Collections 4.x

     [ https://issues.apache.org/jira/browse/VALIDATOR-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Taufiq Hoven updated VALIDATOR-390:
-----------------------------------
    Comment: was deleted

(was: With the identification of security vulnerabilities in [Commons Collections 3.2.2|https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-472711] , dependency scanning tools are marking Commons Validator as vulnerable through that dependency. While Validator itself may not be affected if it's not using vulnerable code (I haven't confirmed either way), anyone in organisations that mandate removal/upgrade of vulnerable libraries will be impacted.)

> Upgrade to Commons Collections 4.x
> ----------------------------------
>
>                 Key: VALIDATOR-390
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-390
>             Project: Commons Validator
>          Issue Type: Improvement
>            Reporter: Jake Brownell
>            Priority: Minor
>
> Commons Validator 1.5 now uses Java 1.6. Commons Collections 4.0/4.1 has the same Java requirement.
> I noticed that CV seems to be the only one of many third party dependencies in my project that requires CC 3.2.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)